mirror of
https://github.com/YosysHQ/yosys
synced 2025-10-30 19:22:31 +00:00
e609a59325
> A static analysis tool for Github Actions https://github.com/woodruffw/zizmor Mostly means adding `persist-credentials: false` to checkouts and replacing `{{ env.VARNAME }}` with shell substitution.
24 lines
733 B
YAML
24 lines
733 B
YAML
name: update-flake-lock
|
|
on:
|
|
workflow_dispatch: # allows manual triggering
|
|
schedule:
|
|
- cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
|
|
|
|
jobs:
|
|
lockfile:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
with:
|
|
persist-credentials: false
|
|
- name: Install Nix
|
|
uses: DeterminateSystems/nix-installer-action@main
|
|
- name: Update flake.lock
|
|
uses: DeterminateSystems/update-flake-lock@main
|
|
with:
|
|
token: ${{CI_CREATE_PR_TOKEN}}
|
|
pr-title: "Update flake.lock" # Title of PR to be created
|
|
pr-labels: | # Labels to be set on the PR
|
|
dependencies
|
|
automated
|