Skip to content

[Snyk] Fix for 20 vulnerabilities #6

[Snyk] Fix for 20 vulnerabilities

[Snyk] Fix for 20 vulnerabilities #6

# This CI is disabled on main and meant to be enabled on forks as an easy way to cherry pick fork commits into main.
# In order to submit a PR from your repo to the Cosmos SDK, a PRBOT_PAT secret (personal access token) must be available for the GitHub Action (Settings > Secrets > Actions).
# The PR will be submitted from the user of the PAT. Note, the PRBOT_PAT user must have write access to the repo.
name: Cherry pick PR to Cosmos SDK
on:
# Set to trigger on every merge to main, not just a closed PR.
workflow_dispatch:
pull_request_target:
branches:
- main
types: ["closed"]
jobs:
cherry_pick:
permissions: write-all
runs-on: ubuntu-latest
name: Cherry pick into main
if: github.event.pull_request.merged == true
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Create PR Patch Branch
shell: bash
env:
PR_NAME: pr-patch-${{ github.sha }}
run: |
git config --global user.name "${{ github.actor }}" # Config have to be set for pushing the cherry-picked changes onto fork pr-patch branch.
git config --global user.email "${{ github.actor }}@users.noreply.github.com"
git remote add upstream https://github.com/cosmos/cosmos-sdk.git
git fetch --all # Get the latest code
git checkout -b $PR_NAME upstream/main # Create new branch based on main branch
git cherry-pick -X theirs ${{ github.sha }} # Cherry pick the latest commit of PR
git push -u origin $PR_NAME # Push your changes to the remote branch
- name: Autocreate PR
shell: bash
env:
GH_TOKEN: ${{ secrets.PRBOT_PAT }}
run: |
gh pr create --repo cosmos/cosmos-sdk --base main --head "${{ github.event.repository.owner.login }}:pr-patch-${{ github.sha }}" --title "${{ github.event.pull_request.title }}" --body "Automated PR for commit: ${{ github.sha }} from ${{ github.repository }}"