cookiecutter-django/.github/workflows/dependabot-uv-lock.yml

name: uv

on:
  pull_request:
    paths:
      - "pyproject.toml"

permissions:
  contents: write
  pull-requests: write

jobs:
  lock:
    if: ${{ github.actor == 'dependabot[bot]' }}
    runs-on: ubuntu-latest
    env:
      GH_PAT: ${{ secrets.GH_PAT }}
    steps:
      - name: Checkout with token
        uses: actions/checkout@v5
        if: ${{ env.GH_PAT != '' }}
        with:
          token: ${{ env.GH_PAT }}

      - name: Checkout without token
        uses: actions/checkout@v5
        if: ${{ env.GH_PAT == '' }}

      - uses: astral-sh/setup-uv@v6
      - run: uv lock
      - uses: stefanzweifel/git-auto-commit-action@v6
        with:
          commit_message: Regenerate uv.lock