Skip to content

Commit 8eef548

Browse files
geeksbsmrtgeeksbsmrt
authored
Fix/dependabot use gh (#44)
* fix(actions): switch auto-merge back to gh cli to handle graphql unstable status * feat(actions): auto-install and update gh cli and tailscale on runner * fix(actions): switch dependabot approval back to native gh cli
1 parent a907703 commit 8eef548

2 files changed

Lines changed: 41 additions & 29 deletions

File tree

.github/workflows/dependabot-auto-merge.yaml

Lines changed: 8 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -18,31 +18,13 @@ jobs:
1818
github-token: "${{ secrets.GITHUB_TOKEN }}"
1919

2020
- name: Approve PR
21-
uses: actions/github-script@v7
22-
with:
23-
github-token: ${{ secrets.GITHUB_TOKEN }}
24-
script: |
25-
await github.rest.pulls.createReview({
26-
owner: context.repo.owner,
27-
repo: context.repo.repo,
28-
pull_number: context.issue.number,
29-
event: 'APPROVE'
30-
});
21+
run: gh pr review --approve "$PR_URL"
22+
env:
23+
PR_URL: ${{github.event.pull_request.html_url}}
24+
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
3125

3226
- name: Enable auto-merge
33-
uses: actions/github-script@v7
34-
with:
35-
github-token: ${{ secrets.GITHUB_TOKEN }}
36-
script: |
37-
await github.graphql(`
38-
mutation($pullRequestId: ID!) {
39-
enablePullRequestAutoMerge(input: {
40-
pullRequestId: $pullRequestId,
41-
mergeMethod: SQUASH
42-
}) {
43-
clientMutationId
44-
}
45-
}
46-
`, {
47-
pullRequestId: context.payload.pull_request.node_id
48-
});
27+
run: gh pr merge --auto --squash "$PR_URL"
28+
env:
29+
PR_URL: ${{github.event.pull_request.html_url}}
30+
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/deploy-prod.yaml

Lines changed: 33 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,36 @@ jobs:
2626
echo "Checking age version..."
2727
age --version
2828
29+
- name: Install or Update GitHub CLI (gh)
30+
run: |
31+
echo "Checking for latest gh release..."
32+
ARCH=$(uname -m)
33+
if [ "$ARCH" = "aarch64" ]; then GH_ARCH="arm64"; elif [[ "$ARCH" == armv* ]]; then GH_ARCH="armv6"; else GH_ARCH="amd64"; fi
34+
GH_VERSION=$(curl -sH "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos/cli/cli/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
35+
36+
INSTALL_GH=false
37+
if ! command -v gh &> /dev/null; then
38+
echo "gh not found. Will install version $GH_VERSION"
39+
INSTALL_GH=true
40+
else
41+
CURRENT_VERSION=$(gh --version | head -n 1 | awk '{print $3}')
42+
if [ "$CURRENT_VERSION" != "$GH_VERSION" ]; then
43+
echo "gh version mismatch (current: $CURRENT_VERSION, latest: $GH_VERSION). Updating..."
44+
INSTALL_GH=true
45+
else
46+
echo "gh is up-to-date (version $CURRENT_VERSION)."
47+
fi
48+
fi
49+
50+
if [ "$INSTALL_GH" = true ]; then
51+
echo "Downloading gh version $GH_VERSION for $GH_ARCH..."
52+
curl -sL "https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_${GH_ARCH}.tar.gz" -o gh.tar.gz
53+
tar xzf gh.tar.gz
54+
# Install globally so it's persistent and usable by all workflows
55+
sudo cp "gh_${GH_VERSION}_linux_${GH_ARCH}/bin/gh" "/usr/local/bin/"
56+
echo "Installation complete."
57+
fi
58+
2959
- name: Decrypt secrets.sops.env to .env file on Pi
3060
env:
3161
SOPS_AGE_KEY: ${{ secrets.RUNNER_AGE_PRIVATE_KEY }}
@@ -37,12 +67,12 @@ jobs:
3767
sudo -E chmod 600 "${TARGET_ENV_FILE}"
3868
echo ".env file created at ${TARGET_ENV_FILE} with restricted permissions."
3969
40-
- name: Check for Tailscale and Install if Missing
70+
- name: Install or Update Tailscale
4171
run: |
42-
# This step is already quiet, no changes needed.
4372
if command -v tailscale &> /dev/null
4473
then
45-
echo "Tailscale is already installed. Skipping installation."
74+
echo "Tailscale is already installed. Attempting update..."
75+
sudo tailscale update --yes || echo "Tailscale update failed or unsupported via this method, continuing..."
4676
else
4777
echo "Tailscale not found. Installing..."
4878
curl -fsSL https://tailscale.com/install.sh | sudo sh

0 commit comments

Comments
 (0)