Merge pull request #352 from Permify/dependabot/github_actions/action… #1
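# Regenerates the TypeScript SDK from the Permify proto definitions and, when
# the generated output differs from what is committed, opens a pull request.
name: Update Permify Proto Definitions

on:
  push:
    branches: ["main"]
  workflow_dispatch:

# Write scopes are required by the final step, which pushes the update branch
# and opens the PR. They are declared at workflow level, so they apply to the
# whole job, including the dependency install and code generation steps.
permissions:
  contents: write
  pull-requests: write

jobs:
  update-protos:
    name: Update Proto Definitions
    timeout-minutes: 10
    runs-on: ubuntu-latest
    steps:
      # Security hardening for GitHub Actions runner.
      # `audit` only records outbound connections; it does not block any.
      # Enforcement needs `egress-policy: block` with an `allowed-endpoints`
      # list built from the audited traffic.
      - name: Harden Runner
        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
        with:
          egress-policy: audit

      # Checkout the current repository.
      # NOTE(review): checkout keeps the job token available to later git
      # commands by default; the steps below run third-party install scripts
      # and code generation in the same workspace.
      - name: Checkout Repository
        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0

      # Setup Node.js
      - name: Setup Node.js
        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          cache-dependency-path: ./yarn.lock
          cache: "yarn"
          node-version: 20

      # Install dependencies (needed for ts-proto plugin).
      # NOTE(review): `useLockFile: false` appears to install without
      # enforcing yarn.lock, so resolved versions can drift from the reviewed
      # lockfile in a job that holds a write-scoped token. Confirm this is
      # intentional; the action's lockfile-enforcing mode is the default.
      - name: Install Dependencies
        uses: bahmutov/npm-install@3e063b974f0d209807684aa23e534b3dde517fd9 # v1.11.2
        with:
          useLockFile: false

      # Setup Buf CLI - will pull proto from buf.build/permifyco/permify
      - name: Setup Buf
        uses: bufbuild/buf-action@8f4a1456a0ab6a1eb80ba68e53832e6fcfacc16c # v1.3.0
        with:
          setup_only: true
          github_token: ${{ secrets.GITHUB_TOKEN }}

      # Generate TypeScript code from Buf Schema Registry.
      # The output is derived from remote registry content, so the resulting
      # PR diff is the review point for what lands in the SDK.
      - name: Generate Code with Buf
        run: yarn buf:generate

      # Check if there are any changes.
      # `git status --porcelain` is used instead of `git diff --quiet` because
      # the latter ignores untracked files, so a run that only adds new
      # generated files would be reported as "no changes".
      - name: Check for changes
        id: verify-changes
        run: |
          if [ -z "$(git status --porcelain)" ]; then
            echo "has_changes=false" >> "$GITHUB_OUTPUT"
            echo "No changes detected"
          else
            echo "has_changes=true" >> "$GITHUB_OUTPUT"
            echo "Changes detected, will create PR"
          fi

      # Create Pull Request only if there are changes
      - name: Create Pull Request
        if: steps.verify-changes.outputs.has_changes == 'true'
        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: "chore(proto): update generated SDK with latest Permify definitions"
          title: "chore(proto): update generated SDK with latest Permify definitions"
          branch: proto-update/permify-latest
          delete-branch: true
          base: main
          labels: |
            dependencies
            automated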