From 0fdc241cb8c5cc4bd77585b0d24940bc3279aa35 Mon Sep 17 00:00:00 2001 From: Jordan Krage Date: Tue, 16 Jun 2026 13:01:14 -0500 Subject: [PATCH] .github/workflows: convert dependabump to re-usable workflow --- .github/workflows/dependabump.yml | 68 ++----------------------------- 1 file changed, 4 insertions(+), 64 deletions(-) diff --git a/.github/workflows/dependabump.yml b/.github/workflows/dependabump.yml index db4204e345..6b2556d744 100644 --- a/.github/workflows/dependabump.yml +++ b/.github/workflows/dependabump.yml @@ -9,73 +9,13 @@ permissions: { } jobs: dependabump: - runs-on: ubuntu-latest permissions: contents: write pull-requests: write actions: read security-events: read vulnerability-alerts: read - env: - GH_TOKEN: ${{ github.token }} - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - ref: main - - - name: Set up Go - uses: ./.github/actions/setup-go - with: - go-version-file: "go.mod" - - - name: Bump Dependencies - run: make dependabot - continue-on-error: true - - - name: Notify Failure - if: failure() - uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 - with: - method: chat.postMessage - token: ${{ secrets.DEPENDABUMP_SLACK_API_KEY }} - payload: | - channel: ${{ secrets.SLACK_TEAM_CORE_CHANNEL_ID}} - text: "Failed to check for vulnerabilities in `chainlink-common`: <${{ format('https://github.com/{0}/actions/runs/{1}', github.repository, github.run_id) }}|Run>" - - - if: failure() - run: exit 1 - - - name: Create Pull Request - id: pr - uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 - with: - branch: bot/dependabump - commit-message: "bump dependencies" - title: "dependabump" - body: "Upgrading vulnerable dependencies." - sign-commits: true - continue-on-error: true - - - name: Notify PR Failure - if: failure() - uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 - with: - method: chat.postMessage - token: ${{ secrets.DEPENDABUMP_SLACK_API_KEY }} - payload: | - channel: ${{ secrets.SLACK_TEAM_CORE_CHANNEL_ID}} - text: "Vulnerabilities detected in `chainlink-common`, but failed to create PR: <${{ format('https://github.com/{0}/actions/runs/{1}', github.repository, github.run_id) }}|Run>" - - - if: failure() - run: exit 1 - - - name: Notify PR Created - if: steps.pr.outputs.pull-request-operation == 'created' || steps.pr.outputs.pull-request-operation == 'updated' - uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1 - with: - method: chat.postMessage - token: ${{ secrets.DEPENDABUMP_SLACK_API_KEY }} - payload: | - channel: ${{ secrets.SLACK_TEAM_CORE_CHANNEL_ID}} - text: "Vulnerabilities detected in `chainlink-common` - upgrading dependencies: <${{ format('https://github.com/{0}/actions/runs/{1}', github.repository, github.run_id) }}|Run> - <${{steps.pr.outputs.pull-request-url}}|PR> :review-time:" + uses: smartcontractkit/.github/.github/workflows/dependabump.yml@CRE-4302-dependabump + secrets: + SLACK_TOKEN: ${{ secrets.DEPENDABUMP_SLACK_API_KEY }} + SLACK_CHANNEL_ID: ${{ secrets.SLACK_TEAM_CORE_CHANNEL_ID }}