Add a GitHub workflow that automatically updates lockfiles, when needed, whenever a release PR is closed.

PiperOrigin-RevId: 650650464
Change-Id: I02598ee89c756d58c010fdb5b2522b493439f2b2
diff --git a/.github/workflows/update-lockfiles.yml b/.github/workflows/update-lockfiles.yml
new file mode 100644
index 0000000..3a61fbf
--- /dev/null
+++ b/.github/workflows/update-lockfiles.yml
@@ -0,0 +1,29 @@
+name: update-lockfiles
+
+on:
+  pull_request_target:
+    branches:
+      - "release-**"
+    types:
+      - closed
+
+permissions:
+  contents: read
+
+env:
+  GH_TOKEN: ${{ secrets.BAZEL_IO_TOKEN }}
+
+jobs:
+  update-lockfiles:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
+        with:
+          egress-policy: audit
+      - name: Update lockfile(s) on closed PR
+        uses: bazelbuild/continuous-integration/actions/update-lockfile@122ce87694d0dd505a019321a04f8e64378bddbd
+        with:
+          release-branch: ${{ github.base_ref }}
+          is-prod: True
+          pr-number: ${{ github.event.number }}
\ No newline at end of file
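Review bot: The `update-lockfiles` job has no merge guard, so with `pull_request_target` and `types: closed` it also runs when a PR against a `release-**` branch is closed without being merged, and it does so with `secrets.BAZEL_IO_TOKEN` in scope. Unless the pinned update-lockfile action checks merge state itself (not visible in this hunk), add `if: github.event.pull_request.merged == true` under the job. The token is also declared in the workflow-level `env:`, which exposes `GH_TOKEN` to every step including Harden Runner; moving it to an `env:` on the "Update lockfile(s) on closed PR" step would limit it to the one step that needs it. `egress-policy: audit` only records outbound connections, so consider switching to `block` with an allowlist once the expected endpoints are known.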