Skip to content

Remove requiring github token for vendor-check #6218

Remove requiring github token for vendor-check

Remove requiring github token for vendor-check #6218

name: Dependabot
on: pull_request
permissions:
contents: write
# NOTE: For this job, we are unable to use the GITHUB_TOKEN from the action
# itself. The reason for this is that the tokens handed out for actions dont'
# contain the necessary permissions to kick off workflows in the case a new
# commit is added, as is the case here. For this job, we use the GH_BOT token
# secret in the repo, which has the necessary permissions. This allows the
# final commit+push on this job to execute the rest of the workflow required by
# the PR build configuration.
jobs:
dependabot:
name: Serverless gomod update
runs-on: ubuntu-latest
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
steps:
- name: Set up Go 1.22
uses: actions/setup-go@v5
with:
go-version: 1.22.4
- name: Get app token
uses: actions/create-github-app-token@v1
id: get-github-app-token
with:
app-id: ${{secrets.APP_ID}}
private-key: ${{secrets.APP_PRIVATE_KEY}}
owner: ${{ github.repository_owner }}
- name: Check out code
uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
token: ${{ steps.get-github-app-token.outputs.token }}
- name: Update serverless gomod
run: make -C cmd/tempo-serverless update-mod
- name: Commit serverless gomod changes
env:
USER: x-access-token
TOKEN: ${{ steps.get-github-app-token.outputs.token }}
run: |
git config --global url."https://${USER}:${TOKEN}@github.com/grafana/tempo".insteadOf "https://github.com/grafana/tempo"
git add cmd/tempo-serverless/lambda/go.mod
git add cmd/tempo-serverless/lambda/go.sum
git add cmd/tempo-serverless/cloud-run/go.mod
git add cmd/tempo-serverless/cloud-run/go.sum
git diff --quiet --staged || git commit -m 'Update serverless gomod'
- name: Push changes
run: |
git push origin ${{ github.head_ref }}