Last active
December 7, 2022 01:26
-
-
Save a-tokyo/0d811e818513fc4d3272335d2847d748 to your computer and use it in GitHub Desktop.
Github action that adds react-native support to dependabot by automatically running pod install after dependabot upgrades an npm/yarn package.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This adds react-native support to dependabot by automatically running pod install after dependabot upgrades an npm/yarn package. | |
| # Dependabot open issue: https://github.com/dependabot/dependabot-core/issues/935#issuecomment-698481919 | |
| name: Update Cocoapods Dependencies after Dependabot package upgrade | |
| on: | |
| push: | |
| branches: | |
| - dependabot/npm_and_yarn/** # OR dependabot/npm_and_yarn/**react-native** to run only for packages that have react-native in the name | |
| pull_request: | |
| branches: | |
| - dependabot/npm_and_yarn/** # OR dependabot/npm_and_yarn/**react-native** to run only for packages that have react-native in the name | |
| jobs: | |
| run: | |
| name: Run pod install | |
| runs-on: macos-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Get yarn cache | |
| id: yarn-cache | |
| run: echo "::set-output name=dir::$(yarn cache dir)" | |
| - uses: actions/cache@v1 | |
| with: | |
| path: ${{ steps.yarn-cache.outputs.dir }} | |
| key: ${{ runner.os }}-node-12.x-yarn-${{ hashFiles('**/yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node-12.x-yarn- | |
| - uses: actions/setup-node@v1 | |
| with: | |
| node-version: 12.x | |
| registry-url: https://registry.npmjs.org/ | |
| - name: Install Packages | |
| run: yarn install --frozen-lockfile | |
| env: | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| - name: Cache pods | |
| uses: actions/cache@v1 | |
| with: | |
| path: ios/Pods | |
| key: ${{ runner.os }}-pods-${{ hashFiles('**/Podfile.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-pods- | |
| - name: Install Cocoapods Packages | |
| run: pushd ios && pod install --verbose && popd | |
| - name: Generate Commit Message | |
| id: generate_commit_message | |
| # eg: ⬆️ Bump Cocoapods Packages for apple-signin-auth-1.4.0 | |
| run: | | |
| branch=${GITHUB_REF#refs/heads/} | |
| # add `[dependabot skip]` prefix so Dependabot force pushes any rebases over our changes triggering the action again | |
| commit_message="Bump ${branch//dependabot\/npm_and_yarn\// } cocoapods packages%0A%0A[dependabot skip]" | |
| echo ::set-output name=commit_message::$commit_message | |
| - uses: stefanzweifel/git-auto-commit-action@v4.1.1 | |
| with: | |
| branch: ${{ github.head_ref }} | |
| commit_message: ${{ steps.generate_commit_message.outputs.commit_message }} |
Updated the gist to put the dependabot skip tag at the end of the commit message 👍
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for posting this. It works great.
Here is a tiny improvement for anyone else with ocd 😄
commit_message="Bump ${branch//dependabot\/npm_and_yarn\// } Cocoapods packages%0A%0A[dependabot skip]"This puts the
dependabot skiptag not on the first line of the commit message, this looks better in the git history imho.Hint about line breaks found here: actions/toolkit#403