Grant workflow permissions for Dependabot auto-merge #1755
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| branches: ['**'] | |
| push: | |
| branches: ['**'] | |
| tags: [v*] | |
| jobs: | |
| build: | |
| # run on 1) push, 2) external PRs, 3) softwaremill-ci PRs | |
| # do not run on internal, non-steward PRs since those will be run by push to branch | |
| if: | | |
| github.event_name == 'push' || | |
| github.event.pull_request.head.repo.full_name != github.repository || | |
| github.event.pull_request.user.login == 'softwaremill-ci' || | |
| github.event.pull_request.user.login == 'dependabot[bot]' | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v5 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '21' | |
| cache: 'sbt' | |
| - uses: sbt/setup-sbt@06192244f17880c9bf69ccd8de5b2e8785822be5 # v1, specifically v1.1.17 | |
| - name: Install native dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install libidn2-dev libcurl3-dev | |
| - name: Check formatting | |
| run: sbt -v scalafmtCheckAll | |
| - name: Compile | |
| run: sbt -v compile | |
| - name: Compile documentation | |
| run: sbt -v compileDocumentation | |
| - name: Test | |
| run: sbt -v test | |
| - uses: actions/upload-artifact@v6 # upload test results | |
| if: success() || failure() # run this step even if previous step failed | |
| with: | |
| name: 'tests-results-java-21' | |
| path: '**/test-reports/TEST*.xml' | |
| publish: | |
| name: Publish release | |
| needs: [build] | |
| if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v')) | |
| runs-on: ubuntu-24.04 | |
| env: | |
| JAVA_OPTS: "-Xmx4G" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Set up JDK | |
| uses: actions/setup-java@v5 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '21' | |
| cache: 'sbt' | |
| - uses: sbt/setup-sbt@06192244f17880c9bf69ccd8de5b2e8785822be5 # v1, specifically v1.1.17 | |
| - name: Install native dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install libidn2-dev libcurl3-dev | |
| - name: Compile | |
| run: sbt compile | |
| - name: Publish artifacts | |
| run: sbt ci-release | |
| env: | |
| PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }} | |
| PGP_SECRET: ${{ secrets.PGP_SECRET }} | |
| SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} | |
| SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} | |
| - name: Extract version from tag | |
| run: | | |
| version=${GITHUB_REF/refs\/tags\/v/} | |
| echo "VERSION=$version" >> $GITHUB_ENV | |
| - name: Publish release notes | |
| uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6, specifically v6.1.0 | |
| with: | |
| config-name: release-drafter.yml | |
| publish: true | |
| name: "v${{ env.VERSION }}" | |
| tag: "v${{ env.VERSION }}" | |
| version: "v${{ env.VERSION }}" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| label: | |
| # only for PRs by softwaremill-ci | |
| if: github.event.pull_request.user.login == 'softwaremill-ci' | |
| uses: softwaremill/github-actions-workflows/.github/workflows/label.yml@main | |
| auto-merge: | |
| # only for PRs by softwaremill-ci | |
| if: github.event.pull_request.user.login == 'softwaremill-ci' | |
| needs: [ build, label ] | |
| uses: softwaremill/github-actions-workflows/.github/workflows/auto-merge.yml@main | |
| auto-merge-dependabot: | |
| # only for PRs by dependabot[bot] | |
| if: github.event.pull_request.user.login == 'dependabot[bot]' | |
| needs: [ build ] | |
| uses: softwaremill/github-actions-workflows/.github/workflows/auto-merge.yml@main | |
| secrets: | |
| github-token: ${{ secrets.SOFTWAREMILL_CI_PR_TOKEN }} |