diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index d418e739..263af134 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -11,6 +11,8 @@ jobs:
 permissions:
 # NOTE: Needed to push to the repository.
 contents: write
+ outputs:
+ auto-pr-ref: ${{ steps.commit.outputs.auto-pr-ref }}
 steps:
 - name: Check out this repo
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
@@ -46,15 +48,22 @@ jobs:
 - run: python3 pip-audit-bulk
 - name: Commit and push if it changed
+ id: commit
 run: |-
 git config user.name "github.actions"
 git config user.email "actions@users.noreply.github.com"
 git add -A
 timestamp=$(date -u)
 git commit -m "Latest data: ${timestamp}" || exit 0
+ echo "auto-pr-ref=$(git rev-parse HEAD)" >> "${GITHUB_OUTPUT}"
 git push
 auto-pr:
 needs: [audit]
 uses: ./.github/workflows/auto-pr.yml
 secrets: inherit
+ with:
+ # NOTE: Without this, the reusable workflow will checkout
+ # the GITHUB_REF from the caller workflow, i.e. the commit
+ # right before our push above.
+ ref: ${{ needs.audit.outputs.auto-pr-ref }}
diff --git a/.github/workflows/auto-pr.yml b/.github/workflows/auto-pr.yml
index eaf45bce..0541a066 100644
--- a/.github/workflows/auto-pr.yml
+++ b/.github/workflows/auto-pr.yml
@@ -11,6 +11,10 @@ on:
 required: true
 default: true
 type: boolean
+ ref:
+ required: false
+ default: ''
+ type: string
 workflow_call:
 inputs:
 pr-limit:
@@ -19,6 +23,9 @@ on:
 dry-run:
 default: false # don't dry-run by default when called from another workflow
 type: boolean
+ ref:
+ default: ${{ github.ref }}
+ type: string
 jobs:
 auto-pr:
@@ -39,6 +46,8 @@ jobs:
 with:
 fetch-depth: 0
 persist-credentials: false
+ # will expand to '' when unset in workflow_dispatch, i.e. default branch
+ ref: ${{ inputs.ref }}
 - name: Set up Homebrew
 id: set-up-homebrew
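Review bot: In audit.yml's `Commit and push if it changed` step (hunk `@@ -46,15 +48,22 @@`), `|| exit 0` ends the step before the added `echo` whenever there is nothing to commit, so `auto-pr-ref` stays unset and the `auto-pr` call receives `ref: ''`. Checkout then presumably falls back to the caller's event ref, which is harmless today, but it means the reusable workflow, which runs with `secrets: inherit`, is pinned to an exact commit only on runs that produced new data. Passing `ref: ${{ needs.audit.outputs.auto-pr-ref || github.sha }}` would hand it an immutable SHA in both cases, and the NOTE comment above it could mention the no-change path. The `audit` job's earlier steps lie outside the hunk.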
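Review bot: The new `workflow_dispatch` input `ref` in auto-pr.yml (hunk `@@ -11,6 +11,10 @@`) has no `description` and reaches the checkout step unvalidated, so whoever dispatches the workflow can point the job at any ref the checkout action can resolve, not only reviewed branches. What later steps do with that tree is not visible here, but if they execute anything from it while the job presumably holds a token for opening PRs, the accepted values are worth constraining. At minimum document the contract, e.g. `description: 'Branch, tag or SHA in this repository to check out; empty uses the ref the run was started from'`, and consider a first step that fails unless the value is empty, a branch name or a 40-hex SHA. The `inputs` block begins above the hunk.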
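Review bot: The comment added above `ref: ${{ inputs.ref }}` in auto-pr.yml (hunk `@@ -39,6 +46,8 @@`) says an empty value means the default branch, but with an empty `ref` actions/checkout uses the ref or SHA of the triggering event, which for `workflow_dispatch` is whichever branch or tag the run was started from. I would reword it to `# empty when unset in workflow_dispatch; checkout then uses the ref the run was dispatched on`. The two entry points also fall back differently: `''` here resolves to the event SHA, while the `workflow_call` default `${{ github.ref }}` is a branch name that resolves to the branch tip at checkout time, so a short comment on that input would help. The checkout step starts above the hunk.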