File tree 1 file changed +8
-4
lines changed
1 file changed +8
-4
lines changed Original file line number Diff line number Diff line change @@ -121,28 +121,32 @@ jobs:
121121 needs : changes
122122 if : needs.changes.outputs.gomod == 'true'
123123 runs-on : ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
124- permissions :
125- # Give the default GITHUB_TOKEN write permission to commit and push the changed files back to the repository.
126- contents : write
127124 steps :
128125 - name : Checkout
129126 uses : actions/checkout@v4
130127 with :
131128 fetch-depth : 1
132129 # See: https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs
133- token : ${{ secrets.GITHUB_TOKEN }}
130+ token : ${{ secrets.CDRCI_GITHUB_TOKEN }}
134131
135132 - name : Setup Go
136133 uses : ./.github/actions/setup-go
137134
138135 - name : Update Nix Flake SRI Hash
139136 run : ./scripts/update-flake.sh
140137
138+ # auto update flake for dependabot
141139 - uses : stefanzweifel/git-auto-commit-action@v5
140+ if : github.actor == 'dependabot[bot]'
142141 with :
143142 # Allows dependabot to still rebase!
144143 commit_message : " [dependabot skip] Update Nix Flake SRI Hash"
145144
145+ # require everyone else to update it themselves
146+ - name : Ensure No Changes
147+ if : github.actor != 'dependabot[bot]'
148+ run : git diff --exit-code
149+
146150 lint :
147151 needs : changes
148152 if : needs.changes.outputs.offlinedocs-only == 'false' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
You can’t perform that action at this time.
0 commit comments