Skip to content
Step 4

Add NuGet package ecosystem to Dependabot config #2

Sign in to view logs

Add NuGet package ecosystem to Dependabot config

Add NuGet package ecosystem to Dependabot config #2

Workflow file for this run

.github/workflows/4-dependabot-versions.yml at 675135c
name: Step 4 # Add Dependabot version updates
on:
push:
branches:
- main
paths:
- ".github/dependabot.yml"
permissions:
contents: write
actions: write
issues: write
env:
REVIEW_FILE: ".github/steps/x-review.md"
DEPENDABOT_FILE: ".github/dependabot.yml"
DEPENDABOT_KEYPHRASE: "nuget"
jobs:
find_exercise:
name: Find Exercise Issue
uses: skills/exercise-toolkit/.github/workflows/[email protected]
if: |
github.run_number != 1
check_step_work:
name: Check step work
needs: find_exercise
runs-on: ubuntu-latest
if: |
!github.event.repository.is_template
env:
ISSUE_REPOSITORY: ${{ github.repository }}
ISSUE_NUMBER: ${{ needs.find_exercise.outputs.issue-number }}
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Get response templates
uses: actions/checkout@v6
with:
repository: skills/exercise-toolkit
path: exercise-toolkit
ref: v0.7.3
- name: Find last comment
id: find-last-comment
uses: peter-evans/find-comment@v4
with:
repository: ${{ env.ISSUE_REPOSITORY }}
issue-number: ${{ env.ISSUE_NUMBER }}
direction: last
- name: Update comment - checking work
uses: GrantBirki/[email protected]
with:
repository: ${{ env.ISSUE_REPOSITORY }}
issue-number: ${{ env.ISSUE_NUMBER }}
comment-id: ${{ steps.find-last-comment.outputs.comment-id }}
file: exercise-toolkit/markdown-templates/step-feedback/checking-work.md
edit-mode: replace
# START: Check practical exercise
- name: Check .github/dependabot.yml
id: check-dependabot-file
continue-on-error: true
uses: skills/action-keyphrase-checker@v1
with:
text-file: ${{ env.DEPENDABOT_FILE }}
keyphrase: ${{ env.DEPENDABOT_KEYPHRASE }}
minimum-occurrences: 1
maximum-occurrences: 1
# END: Check practical exercise
- name: Update comment - step results
uses: GrantBirki/[email protected]
with:
repository: ${{ env.ISSUE_REPOSITORY }}
issue-number: ${{ env.ISSUE_NUMBER }}
comment-id: ${{ steps.find-last-comment.outputs.comment-id }}
edit-mode: replace
file: exercise-toolkit/markdown-templates/step-feedback/step-results-table.md
vars: |
step_number: 4
results_table:
- description: "Checked for '${{ env.DEPENDABOT_KEYPHRASE }}' in ${{ env.DEPENDABOT_FILE }}"
passed: ${{ steps.check-dependabot-file.outcome == 'success' }}
- name: Fail job if not all checks passed
if: contains(steps.*.outcome, 'failure')
run: exit 1
post_review_content:
name: Post review content
needs: [find_exercise, check_step_work]
runs-on: ubuntu-latest
if: |
!github.event.repository.is_template
env:
ISSUE_REPOSITORY: ${{ github.repository }}
ISSUE_NUMBER: ${{ needs.find_exercise.outputs.issue-number }}
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Get response templates
uses: actions/checkout@v6
with:
repository: skills/exercise-toolkit
path: exercise-toolkit
ref: v0.7.3
- name: Create comment - step finished - final review next
uses: GrantBirki/[email protected]
with:
repository: ${{ env.ISSUE_REPOSITORY }}
issue-number: ${{ env.ISSUE_NUMBER }}
file: exercise-toolkit/markdown-templates/step-feedback/lesson-review.md
- name: Create comment - add review content
uses: GrantBirki/[email protected]
with:
repository: ${{ env.ISSUE_REPOSITORY }}
issue-number: ${{ env.ISSUE_NUMBER }}
file: ${{ env.REVIEW_FILE }}
- name: Disable current workflow
run: gh workflow disable "${{github.workflow}}"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
finish_exercise:
name: Finish Exercise
needs: [find_exercise, post_review_content]
uses: skills/exercise-toolkit/.github/workflows/[email protected]
with:
issue-url: ${{ needs.find_exercise.outputs.issue-url }}
exercise-title: "Secure your Repository Supply Chain"