chore: add bun.lock file to manage dependencies and lock versions #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependabot Commit Signer | |
| on: | |
| pull_request_target: | |
| types: [opened, reopened] | |
| jobs: | |
| append-signature: | |
| name: Sign Commit Message | |
| if: github.actor == 'dependabot[bot]' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout Dependabot Branch | |
| uses: actions/checkout@v6 | |
| with: | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| fetch-depth: 0 | |
| - name: Configure Git Identity | |
| run: | | |
| git config --global user.name "github-actions[bot]" | |
| git config --global user.email "github-actions[bot]@users.noreply.github.com" | |
| - name: Inject Valid Co-authored Trailer | |
| env: | |
| OWNER_NAME: ${{ github.repository_owner }} | |
| OWNER_ID: ${{ github.event.repository.owner.id }} | |
| run: | | |
| # 1. Fetch the raw commit description generated by Dependabot | |
| ORIGINAL_MSG=$(git log -1 --pretty=%B) | |
| # 2. Build your profile's anonymous GitHub no-reply email string dynamically | |
| COAUTHOR_EMAIL="${OWNER_ID}+${OWNER_NAME}@users.noreply.github.com" | |
| # 3. Assemble the explicit Git trailer layout | |
| # Two consecutive newlines (\n\n) provide the mandatory empty line spacer. | |
| TRAILER="Co-authored-by: ${OWNER_NAME} <${COAUTHOR_EMAIL}>" | |
| # 4. Reconstruct and rewrite the metadata commit block | |
| # Using printf ensures that trailing newlines parse perfectly into the Git log ledger. | |
| printf "%s\n\n%s\n" "$ORIGINAL_MSG" "$TRAILER" > .git/commit_msg.tmp | |
| git commit --amend -F .git/commit_msg.tmp | |
| # 5. Push the signed update securely to the target pull request | |
| git push origin HEAD:${{ github.event.pull_request.head.ref }} --force |