Copier update (action for dependabot)

.copier-answers.yml

@@ -1,5 +1,5 @@
 # Changes here will be overwritten by Copier
-_commit: v0.0.41-2-g01ccd8c
+_commit: v0.0.41-10-g38b62f8
 _src_path: gh:LabAutomationAndScreening/copier-base-template.git
 description: Copier template for creating Python libraries and executables
 python_ci_versions:

.github/actions/update-devcontainer-hash/action.yml

@@ -0,0 +1,45 @@
+name: Update Devcontainer Hash
+
+inputs:
+  branch:
+    description: 'Branch to checkout and update'
+    required: true
+
+permissions:
+  contents: write
+
+
+runs:
+  using: composite
+  steps:
+    - name: Verify Dependabot actor
+      if: ${{ github.actor != 'dependabot[bot]' }}
+      run: |
+        echo "Action can only be run by dependabot[bot], but was invoked by ${GITHUB_ACTOR}." >&2
+        exit 1
+
+    - name: Checkout code
+      uses: actions/checkout@v4.2.2
+      with:
+        persist-credentials: true
+        fetch-depth: 1
+        ref: ${{ inputs.branch }}
+
+    - name: Configure Git author
+      run: |
+        git config user.name "github-actions[bot]"
+        git config user.email "github-actions[bot]@users.noreply.github.com"
+
+    - name: Update devcontainer hash
+      run: |
+        python3 .github/workflows/hash_git_files.py . --for-devcontainer-config-update --exit-zero
+
+    - name: Commit & push changes
+      run: |
+        if ! git diff --quiet; then
+          git add .
+          git commit -m "chore: update devcontainer hash [dependabot skip]"
+          git push origin HEAD:${{ inputs.branch }}
+        else
+          echo "No changes to commit"
+        fi

.github/workflows/ci.yaml

@@ -5,7 +5,6 @@ on:
     branches-ignore:
       - 'gh-readonly-queue/**' # don't run (again) when on these special branches created during merge groups; the `on: merge_group` already triggers it.
   merge_group:
-  workflow_dispatch:
 
 env:
   PYTHONUNBUFFERED: True
@@ -16,7 +15,17 @@ permissions:
     contents: write # needed for mutex
 
 jobs:
+  get-values:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Update Devcontainer Hash
+        if: ${{ github.actor == 'dependabot[bot]' }}
+        uses: ./.github/actions/update-devcontainer-hash
+        with:
+          branch: ${{ github.ref_name }}
+
   pre-commit:
+    needs: [ get-values ]
     strategy:
       fail-fast: false
       matrix:
@@ -29,6 +38,8 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4.2.2
+        with:
+          ref: ${{ github.ref_name }} # explicitly get the head of
 
 
 

template/.github/actions/update-devcontainer-hash/action.yml

@@ -0,0 +1,45 @@
+name: Update Devcontainer Hash
+
+inputs:
+  branch:
+    description: 'Branch to checkout and update'
+    required: true
+
+permissions:
+  contents: write
+
+
+runs:
+  using: composite
+  steps:
+    - name: Verify Dependabot actor
+      if: ${{ github.actor != 'dependabot[bot]' }}
+      run: |
+        echo "Action can only be run by dependabot[bot], but was invoked by ${GITHUB_ACTOR}." >&2
+        exit 1
+
+    - name: Checkout code
+      uses: actions/checkout@v4.2.2
+      with:
+        persist-credentials: true
+        fetch-depth: 1
+        ref: ${{ inputs.branch }}
+
+    - name: Configure Git author
+      run: |
+        git config user.name "github-actions[bot]"
+        git config user.email "github-actions[bot]@users.noreply.github.com"
+
+    - name: Update devcontainer hash
+      run: |
+        python3 .github/workflows/hash_git_files.py . --for-devcontainer-config-update --exit-zero
+
+    - name: Commit & push changes
+      run: |
+        if ! git diff --quiet; then
+          git add .
+          git commit -m "chore: update devcontainer hash [dependabot skip]"
+          git push origin HEAD:${{ inputs.branch }}
+        else
+          echo "No changes to commit"
+        fi