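name: Upstream Pass CLI Watch

# Runs once a day (cron is evaluated in UTC) and on manual dispatch.
on:
  schedule:
    - cron: "0 13 * * *"
  workflow_dispatch:

# Workflow-wide default is read-only; the job below widens only what it needs.
permissions:
  contents: read

jobs:
  watch-upstream:
    name: Watch upstream latest version tag
    runs-on: ubuntu-latest
    # Job-level write grants only where actually needed:
    # contents: write -> peter-evans/create-pull-request pushes a chore branch
    # pull-requests: write -> peter-evans/create-pull-request opens the PR
    # NOTE(review): the npm steps below run inside this same write-scoped job,
    # and actions/checkout persists the job token for git by default. Consider
    # moving the upstream check into a separate contents:read job and passing
    # the result on via job outputs; confirm what create-pull-request needs
    # before changing the checkout settings.
    permissions:
      contents: write
      pull-requests: write
    steps:
      # All actions are pinned to a full commit SHA; the trailing comment
      # records the major tag the SHA was taken from.
      - name: Checkout
        uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5

      - name: Setup Node.js 24
        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5
        with:
          node-version: "24"

      # Exit-code contract of the check script as used here:
      #   2     -> upstream differs from tracked metadata (changed=true)
      #   other -> propagated unchanged as the step result (changed=false)
      - name: Compare tracked metadata with upstream latest version tag
        id: watch
        shell: bash
        run: |
          # Errors are handled by hand so exit code 2 can be told apart.
          set +e
          npm run check:upstream:pass-cli -- --report /tmp/pass-cli-upstream-report.json
          code=$?
          # NOTE(review): the report is derived from upstream data and is
          # echoed verbatim into the job log.
          cat /tmp/pass-cli-upstream-report.json
          if [ "$code" -eq 2 ]; then
            # The values written to GITHUB_OUTPUT come from upstream metadata.
            # GITHUB_OUTPUT is a line-oriented key=value file, so a value that
            # carries a line break could define extra outputs; such values are
            # refused. A missing version is refused too, because it ends up in
            # the PR title and commit message.
            # "|| exit 1" is required: with "set +e" a failing node call would
            # otherwise fall through to "exit 0" and open a PR without data.
            node -e '
              const fs = require("node:fs");
              const report = JSON.parse(fs.readFileSync("/tmp/pass-cli-upstream-report.json", "utf8"));
              const observed = report.observed ?? {};
              const fields = {
                version: observed.latest_known_version,
                published_date: observed.latest_known_version_published_date,
                tag_api_url: observed.latest_tag_api_url ?? "",
              };
              const lines = [];
              for (const [key, raw] of Object.entries(fields)) {
                const value = String(raw ?? "");
                if (/[\u0000-\u001f\u007f]/.test(value)) {
                  console.error(`refusing to export ${key}: control character in value`);
                  process.exit(1);
                }
                if (key === "version" && value === "") {
                  console.error("refusing to export version: value missing from report");
                  process.exit(1);
                }
                lines.push(`${key}=${value}`);
              }
              fs.appendFileSync(process.env.GITHUB_OUTPUT, lines.join("\n") + "\n");
            ' || exit 1
            # Only announce a change once the report values passed the checks.
            echo "changed=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          echo "changed=false" >> "$GITHUB_OUTPUT"
          exit "$code"

      - name: Sync tracked metadata to observed latest release
        if: steps.watch.outputs.changed == 'true'
        run: npm run check:upstream:pass-cli -- --sync-metadata --report /tmp/pass-cli-upstream-report-sync.json

      # The step outputs below are expanded into action inputs, not into a
      # shell script, so they are never evaluated as commands here. They still
      # end up in the commit message, PR title and PR body as upstream-derived
      # text, which is why the watch step checks them before exporting.
      - name: Open PR for metadata update
        if: steps.watch.outputs.changed == 'true'
        uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 # v7
        with:
          commit-message: "chore: track pass-cli v${{ steps.watch.outputs.version }}"
          title: "chore: track pass-cli v${{ steps.watch.outputs.version }}"
          branch: "chore/upstream-pass-cli-release-watch"
          delete-branch: true
          body: |
            Automated update from upstream watch workflow.

            - Latest pass-cli version tag: `${{ steps.watch.outputs.version }}`
            - Published date: `${{ steps.watch.outputs.published_date }}`
            - Tag API URL: ${{ steps.watch.outputs.tag_api_url }}

            This PR only updates tracked upstream metadata. It does not classify behavioral drift.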