.github/workflows/downstream-version-bump.yml - external/github.com/pyca/cryptography - Git at Google

 name: Bump downstream dependencies
 permissions:
   contents: read

 on:
   workflow_dispatch:
   schedule:
     # Run daily
     - cron: "0 10 * * *"

 jobs:
   bump:
     if: github.repository_owner == 'pyca'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           # Needed so we can push back to the repo
           persist-credentials: true
       - name: Parse downstream dependencies
         id: downstream-bump
         run: ./.github/bin/bump_downstreams.sh
       - uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
         id: generate-token
         with:
           app-id: ${{ secrets.BORINGBOT_APP_ID }}
           private-key: ${{ secrets.BORINGBOT_PRIVATE_KEY }}
           permission-contents: write
           permission-pull-requests: write
           permission-workflows: write
         if: steps.downstream-bump.outputs.HAS_UPDATES == 'true'
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
         with:
           branch: "bump-downstreams"
           commit-message: "Bump downstream dependencies in CI"
           title: "Bump downstream dependencies in CI"
           author: "pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>"
           body: |
             ${{ steps.downstream-bump.outputs.COMMIT_MSG }}
           token: ${{ steps.generate-token.outputs.token }}
         if: steps.downstream-bump.outputs.HAS_UPDATES == 'true'
	name: Bump downstream dependencies
	permissions:
	contents: read

	on:
	workflow_dispatch:
	schedule:
	# Run daily
	- cron: "0 10 * * *"

	jobs:
	bump:
	if: github.repository_owner == 'pyca'
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
	with:
	# Needed so we can push back to the repo
	persist-credentials: true
	- name: Parse downstream dependencies
	id: downstream-bump
	run: ./.github/bin/bump_downstreams.sh
	- uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
	id: generate-token
	with:
	app-id: ${{ secrets.BORINGBOT_APP_ID }}
	private-key: ${{ secrets.BORINGBOT_PRIVATE_KEY }}
	permission-contents: write
	permission-pull-requests: write
	permission-workflows: write
	if: steps.downstream-bump.outputs.HAS_UPDATES == 'true'
	- name: Create Pull Request
	uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
	with:
	branch: "bump-downstreams"
	commit-message: "Bump downstream dependencies in CI"
	title: "Bump downstream dependencies in CI"
	author: "pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>"
	body: \|
	${{ steps.downstream-bump.outputs.COMMIT_MSG }}
	token: ${{ steps.generate-token.outputs.token }}
	if: steps.downstream-bump.outputs.HAS_UPDATES == 'true'