kyverno/.github/workflows/pr-update.yaml

name: PR update

on:
  push:
    branches:
      - 'main'
      - 'release-*'

jobs:
  autoupdate:
    permissions:
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
      - name: Check secret
        id: checksecret
        uses: ./.github/actions/is-defined
        with:
          value: ${{ secrets.PR_UPDATE_TOKEN }}
      - name: Automatically update PR
        if: steps.checksecret.outputs.result == 'true'
        uses: adRise/update-pr-branch@437fab6e0ac7d2a668f2c479f64225edd7f303fd # v0.6.0
        with:
          token: ${{ secrets.PR_UPDATE_TOKEN }}
          base: ${{ github.ref_name }}
          required_approval_count: 1
          require_passed_checks: false
          sort: updated
          direction: asc