chore(deps): update dependency certifi to v2024.7.4 [security] #1675
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: reset Chart.yaml changelog annotations | |
| on: | |
| release: | |
| types: | |
| # If you want a workflow to run when stable and pre-releases publish, subscribe to published instead of released and prereleased. | |
| # <https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release> | |
| - published | |
| pull_request: | |
| branches: | |
| - master | |
| permissions: read-all | |
| jobs: | |
| reset-commit-and-push: | |
| name: reset changelog annotations, commit, and push | |
| runs-on: ubuntu-22.04 | |
| container: ghcr.io/chgl/kube-powertools:v2.3.0@sha256:3322980b98ece030f4d5fa598ad8b9e152a8308f019175745ba392e396aff8a9 | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Add workspace as safe directory | |
| run: | | |
| git config --global --add safe.directory /__w/recruit/recruit | |
| - name: Checkout | |
| uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.head_ref }} | |
| # currently defaults to just the one chart, "recruit", needs to be updated if | |
| # more charts are added in the future. See <https://github.com/chgl/kube-powertools/blob/master/scripts/generate-chart-changelog.sh> | |
| # for an example script iterating over multiple charts and changelog annotations. | |
| - name: reset Chart.yaml changelog annotations | |
| run: | | |
| # it's most likely impossible to do this in a single yq invocation, as 'annotations["artifacthub.io/changes"]' is | |
| # a string and not an actual yaml array. So we first extract this string, read it back into yq which causes it | |
| # to be parsed as a yaml array which can be indexed to get the first entry back. | |
| # by convention, we assume the first changelog entry describes the version bump. | |
| FIRST_CHANGELOG_ENTRY=$(yq '.annotations["artifacthub.io/changes"]' charts/recruit/Chart.yaml | yq '[.0]') | |
| export FIRST_CHANGELOG_ENTRY | |
| # FIRST_CHANGELOG_ENTRY is a string that looks like a yaml array with a single entry. | |
| # use it to replace the entire changelog annotation with a single entry. | |
| yq -i '.annotations["artifacthub.io/changes"] |= strenv(FIRST_CHANGELOG_ENTRY)' charts/recruit/Chart.yaml | |
| - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4 | |
| # run everything above in PRs to make sure it works, but only actually commit it on releases | |
| if: ${{ github.event_name != 'pull_request' }} | |
| with: | |
| add: "charts/" | |
| message: "chore(helm): reset Chart.yaml changelog annotations" | |
| push: origin HEAD:master |