Skip to content

[Snyk] Security upgrade jwk-to-pem from 2.0.5 to 2.0.7 #498

[Snyk] Security upgrade jwk-to-pem from 2.0.5 to 2.0.7

[Snyk] Security upgrade jwk-to-pem from 2.0.5 to 2.0.7 #498

Workflow file for this run

# ~~ Generated by projen. To modify, edit .projenrc.js and run "npx projen".
name: build
on:
pull_request: {}
workflow_dispatch: {}
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
self_mutation_happened: ${{ steps.self_mutation.outputs.self_mutation_happened }}
env:
CI: "true"
steps:
- name: Checkout
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Install dependencies
run: yarn install --check-files
- name: build
run: npx projen build
- id: self_mutation
name: Find mutations
run: |-
git add .
git diff --staged --patch --exit-code > .repo.patch || echo "::set-output name=self_mutation_happened::true"
- if: steps.self_mutation.outputs.self_mutation_happened
name: Upload patch
uses: actions/upload-artifact@v2
with:
name: .repo.patch
path: .repo.patch
- name: Fail build on mutation
if: steps.self_mutation.outputs.self_mutation_happened
run: |-
echo "::error::Files were changed during build (see build log). If this was triggered from a fork, you will need to update your branch."
cat .repo.patch
exit 1
self-mutation:
needs: build
runs-on: ubuntu-latest
permissions:
contents: write
if: always() && needs.build.outputs.self_mutation_happened && !(github.event.pull_request.head.repo.full_name != github.repository)
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@7ce9ffdcdeb2ba82b01b51d6584a6a85872336d4
with:
app_id: ${{ secrets.PROJEN_APP_ID }}
private_key: ${{ secrets.PROJEN_APP_PRIVATE_KEY }}
- name: Checkout
uses: actions/checkout@v2
with:
token: ${{ steps.generate_token.outputs.token }}
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Download patch
uses: actions/download-artifact@v2
with:
name: .repo.patch
path: ${{ runner.temp }}
- name: Apply patch
run: '[ -s ${{ runner.temp }}/.repo.patch ] && git apply ${{ runner.temp }}/.repo.patch || echo "Empty patch. Skipping."'
- name: Set git identity
run: |-
git config user.name "github-actions"
git config user.email "github-actions@github.com"
- name: Push changes
run: |2-
git add .
git commit -s -m "chore: self mutation"
git push origin HEAD:${{ github.event.pull_request.head.ref }}