chore: update AUTHORS, THIRD-PARTY-NOTICES, Security Test Summary #4163
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update Authors and Third Party Notices | |
| on: | |
| # Once a week or on pushes to main | |
| schedule: | |
| - cron: '0 3 * * 0' | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: none # We use the github app token to push the changes | |
| jobs: | |
| update_generated_files: | |
| if: | | |
| github.event_name == 'schedule' || | |
| !startsWith(github.event.head_commit.message, 'chore: update AUTHORS, THIRD-PARTY-NOTICES, Security Test Summary') | |
| name: Update automatically generated files | |
| runs-on: ubuntu-latest | |
| env: | |
| HADRON_DISTRIBUTION: compass | |
| steps: | |
| - name: Create Github App Token | |
| uses: mongodb-js/devtools-shared/actions/setup-bot-token@main | |
| id: app-token | |
| with: | |
| app-id: ${{ vars.DEVTOOLS_BOT_APP_ID }} | |
| private-key: ${{ secrets.DEVTOOLS_BOT_PRIVATE_KEY }} | |
| - uses: actions/checkout@v4 | |
| with: | |
| # don't checkout a detatched HEAD | |
| ref: ${{ github.head_ref }} | |
| # this is important so git log can pick up on | |
| # the whole history to generate the list of AUTHORS | |
| fetch-depth: '0' | |
| token: ${{ steps.app-token.outputs.token }} | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22.15.1 | |
| cache: 'npm' | |
| - name: Install [email protected] | |
| run: | | |
| npm install -g [email protected] | |
| - name: Install Dependencies | |
| run: | | |
| npm -v | |
| npm run bootstrap-ci | |
| - name: Update AUTHORS | |
| run: | | |
| npm run update-authors | |
| git add AUTHORS | |
| - name: Update THIRD-PARTY-NOTICES.md | |
| run: | | |
| npm run update-third-party-notices | |
| git add THIRD-PARTY-NOTICES.md | |
| - name: Update Security Test Summary | |
| run: | | |
| npm run update-security-test-summary | |
| git add docs/security-test-summary.md | |
| - name: Update tracking-plan.md | |
| run: | | |
| npm run update-tracking-plan | |
| git add docs/tracking-plan.md | |
| - name: Commit and push | |
| run: | | |
| # We can't rely on git not allowing empty commits by default: the | |
| # empty commit check happens before the pre-commit hooks run and if | |
| # there is no diff exists after precommit logic was executed, empty | |
| # commit will still be generated. Instead of that we will allow empty | |
| # commit to happen and will check it directly if it's empty or not | |
| git commit --allow-empty -m "chore: update AUTHORS, THIRD-PARTY-NOTICES, Security Test Summary" | |
| if [ $(git diff-tree --name-only --no-commit-id HEAD | wc -l) -gt 0 ]; then | |
| echo "Files changed, pushing update..." | |
| git push | |
| else | |
| echo "No changes to push" | |
| fi |