Step 2, Verify #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Step 2, Verify | |
| # This step triggers after a participant opens or updates a pull request with a properly configured OIDC role. | |
| # This step sets STEP to 3 | |
| # This step closes <details id=2> and opens <details id=3> | |
| # This will run every time we invoke the "Step 2, Fine-grained permissions - pull requests" workflow | |
| # Reference https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows | |
| on: | |
| workflow_run: | |
| workflows: [ "Step 2, Fine-grained permissions - pull requests" ] | |
| types: | |
| - completed | |
| # Reference https://docs.github.com/en/actions/security-guides/automatic-token-authentication | |
| permissions: | |
| # Need `contents: read` to checkout the repository | |
| # Need `contents: write` to update the step metadata | |
| contents: write | |
| jobs: | |
| get_current_step: | |
| name: Check current step number | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - id: get_step | |
| run: | | |
| echo "current_step=$(cat ./.github/script/STEP)" >> "${GITHUB_OUTPUT}" | |
| outputs: | |
| current_step: ${{ steps.get_step.outputs.current_step }} | |
| move_to_next_step: | |
| name: Move to Step 3 | |
| needs: get_current_step | |
| # We will only run this action when: | |
| # 1. This repository isn't the template repository | |
| # 2. The STEP is currently 2 | |
| # 3. The "Step 2, Fine-grained permissions - pull requests" workflow completes successfully | |
| # Reference https://docs.github.com/en/actions/learn-github-actions/contexts | |
| # Reference https://docs.github.com/en/actions/learn-github-actions/expressions | |
| if: >- | |
| ${{ !github.event.repository.is_template | |
| && needs.get_current_step.outputs.current_step == 2 | |
| && github.event.workflow_run.conclusion == 'success' | |
| }} | |
| # We'll run Ubuntu for performance instead of Mac or Windows | |
| runs-on: ubuntu-latest | |
| steps: | |
| # We'll need to check out the repository so that we can edit the README | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 # Let's get all the branches | |
| # Update README to close <details id=2> and open <details id=3> | |
| # and set STEP to '3' | |
| - name: Update to step 3 | |
| uses: skills/action-update-step@v1 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| from_step: 2 | |
| to_step: 3 |