Skip to content

Update dependencies #113

Update dependencies

Update dependencies #113

name: Update dependencies
on:
schedule:
- cron: '0 11 * * 2'
workflow_dispatch:
permissions:
# This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
# More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
id-token: write
contents: write
pull-requests: write
jobs:
update-deps:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: ${{ secrets.ROLE }}
role-session-name: dependency-upload-session
aws-region: ${{ secrets.REGION }}
- name: Update Lima dependencies archive for Finch on macOS
run: bash bin/update-deps.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }}
- name: Update base OS for Finch on macOS
run: bash bin/update-os-image.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }}
- name: Update rootfs for Finch on Windows
run: bash bin/update-rootfs.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }}
- name: create PR
uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
with:
# A Personal Access Token instead of the default `GITHUB_TOKEN` is required
# to trigger the checks (e.g., e2e tests) on the created pull request.
# More info: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#workarounds-to-trigger-further-workflow-runs
# TODO: Use FINCH_BOT_TOKEN instead of GITHUB_TOKEN.
token: ${{ secrets.GITHUB_TOKEN }}
signoff: true
title: 'build(deps): Bump finch dependencies'