[Snyk] Fix for 20 vulnerabilities #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This CI is disabled on main and meant to be enabled on forks as an easy way to cherry pick fork commits into main. | |
# In order to submit a PR from your repo to the Cosmos SDK, a PRBOT_PAT secret (personal access token) must be available for the GitHub Action (Settings > Secrets > Actions). | |
# The PR will be submitted from the user of the PAT. Note, the PRBOT_PAT user must have write access to the repo. | |
name: Cherry pick PR to Cosmos SDK | |
on: | |
# Set to trigger on every merge to main, not just a closed PR. | |
workflow_dispatch: | |
pull_request_target: | |
branches: | |
- main | |
types: ["closed"] | |
jobs: | |
cherry_pick: | |
permissions: write-all | |
runs-on: ubuntu-latest | |
name: Cherry pick into main | |
if: github.event.pull_request.merged == true | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Create PR Patch Branch | |
shell: bash | |
env: | |
PR_NAME: pr-patch-${{ github.sha }} | |
run: | | |
git config --global user.name "${{ github.actor }}" # Config have to be set for pushing the cherry-picked changes onto fork pr-patch branch. | |
git config --global user.email "${{ github.actor }}@users.noreply.github.com" | |
git remote add upstream https://github.com/cosmos/cosmos-sdk.git | |
git fetch --all # Get the latest code | |
git checkout -b $PR_NAME upstream/main # Create new branch based on main branch | |
git cherry-pick -X theirs ${{ github.sha }} # Cherry pick the latest commit of PR | |
git push -u origin $PR_NAME # Push your changes to the remote branch | |
- name: Autocreate PR | |
shell: bash | |
env: | |
GH_TOKEN: ${{ secrets.PRBOT_PAT }} | |
run: | | |
gh pr create --repo cosmos/cosmos-sdk --base main --head "${{ github.event.repository.owner.login }}:pr-patch-${{ github.sha }}" --title "${{ github.event.pull_request.title }}" --body "Automated PR for commit: ${{ github.sha }} from ${{ github.repository }}" |