fix: open PR instead of pushing directly to protected main branch (#14) #2
| name: Update README SHA reference | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - 'README.md' | |
| - '**.md' | |
| - 'LICENSE' | |
| - '.github/FUNDING.yml' | |
| jobs: | |
| update-sha: | |
| name: Update pinned SHA in README | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| with: | |
| ref: main | |
| fetch-depth: 2 | |
| - name: Update SHA in README.md | |
| run: | | |
| NEW_SHA="${{ github.sha }}" | |
| sed -i "s|ref: [0-9a-f]\{40\}|ref: ${NEW_SHA}|g" README.md | |
| - name: Commit updated README.md | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| if git diff --quiet README.md; then | |
| echo "No SHA change detected, skipping commit." | |
| else | |
| BRANCH="chore/update-readme-sha-${{ github.sha }}" | |
| git checkout -b "${BRANCH}" | |
| git add README.md | |
| git commit -m "chore: update pinned SHA in README to ${{ github.sha }}" | |
| git push origin "${BRANCH}" | |
| gh pr create \ | |
| --title "chore: update pinned SHA in README to ${{ github.sha }}" \ | |
| --body "Automated update of the pinned commit SHA in the GitHub Actions usage example in README.md." \ | |
| --base main \ | |
| --head "${BRANCH}" | |
| fi | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
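Review bot: The pull request opened by `gh pr create` in the `Commit updated README.md` step is authenticated with `secrets.GITHUB_TOKEN`, and events produced by that token do not start other workflow runs, so any status checks that `main`'s protection requires would never report on these PRs (whether such checks are configured is not visible here). The repository setting that allows Actions to create pull requests also has to be enabled, otherwise the step fails after the branch has already been pushed. If checks are meant to gate the SHA that users copy from the README, the PR would need to be opened with a GitHub App token or a narrowly scoped token instead. Separately, `${{ github.sha }}` is expanded straight into the script text of both `run:` blocks; the value is a hex digest and not exploitable here, but passing it through `env:` (`NEW_SHA: ${{ github.sha }}`) and using `"${NEW_SHA}"` throughout keeps the pattern safe if the step is later reused with a less constrained context value.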