error-prone-support/.github/workflows/pitest-update-pr.yml

# Updates a pull request based on the corresponding mutation testing analysis
# performed by the `pitest-analyze-pr.yml` workflow. See
# https://blog.pitest.org/oss-pitest-pr/ for details.
name: "Mutation testing: post results"
on:
  workflow_run:
    workflows: ["Mutation testing"]
    types:
      - completed
permissions:
  actions: read
jobs:
  update-pr:
    if: ${{ github.event.workflow_run.conclusion == 'success' && github.repository == 'PicnicSupermarket/error-prone-support' }}
    permissions:
      actions: read
      checks: write
      contents: read
      pull-requests: write
    runs-on: ubuntu-22.04
    steps:
      - name: Install Harden-Runner
        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            github.com:443
            repo.maven.apache.org:443
      - name: Check out code and set up JDK and Maven
        uses: s4u/setup-maven-action@6d44c18d67d9e1549907b8815efa5e4dada1801b # v1.12.0
        with:
          java-version: 17.0.10
          java-distribution: temurin
          maven-version: 3.9.6
      - name: Download Pitest analysis artifact
        uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4
        with:
          workflow: ${{ github.event.workflow_run.workflow_id }}
          name: pitest-reports
          path: ./target/pit-reports-ci
      - name: Update PR
        run: mvn -DrepoToken="${{ secrets.GITHUB_TOKEN }}" pitest-github:updatePR