From 5da5803c4c99d2fbce6ef8cf45ce1b1f6656c721 Mon Sep 17 00:00:00 2001
From: Austin <vidplace7@gmail.com>
Date: Wed, 19 Feb 2025 07:14:46 -0500
Subject: [PATCH] Trunk: Annotate PRs and Auto-Upgrade (#6091)

---
 .github/workflows/nightly.yml                 | 20 ++++++++++++--
 .github/workflows/trunk_annotate.pr.yml       | 26 +++++++++++++++++++
 .../{trunk-check.yml => trunk_check.yml}      |  0
 3 files changed, 44 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/trunk_annotate.pr.yml
 rename .github/workflows/{trunk-check.yml => trunk_check.yml} (100%)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index e249823a7..7a35e2b99 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -4,9 +4,11 @@ on:
     - cron: 0 8 * * 1-5
   workflow_dispatch: {}
 
+permissions: read-all
+
 jobs:
   trunk_check:
-    name: Trunk Check Upload
+    name: Trunk Check and Upload
     runs-on: ubuntu-latest
 
     steps:
@@ -14,6 +16,20 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Trunk Check
-        uses: trunk-io/trunk-action@782e83f803ca6e369f035d64c6ba2768174ba61b
+        uses: trunk-io/trunk-action@v1
         with:
           trunk-token: ${{ secrets.TRUNK_TOKEN }}
+
+  trunk_upgrade:
+    name: Trunk Upgrade (PR)
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # For trunk to create PRs
+      pull-requests: write # For trunk to create PRs
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # See https://github.com/trunk-io/trunk-action/blob/v1/readme.md#automatic-upgrades
+      - name: Trunk Upgrade
+        uses: trunk-io/trunk-action/upgrade@v1
diff --git a/.github/workflows/trunk_annotate.pr.yml b/.github/workflows/trunk_annotate.pr.yml
new file mode 100644
index 000000000..ac5cdc0d5
--- /dev/null
+++ b/.github/workflows/trunk_annotate.pr.yml
@@ -0,0 +1,26 @@
+name: Annotate PR with trunk issues
+# See: https://github.com/trunk-io/trunk-action/blob/v1/readme.md#getting-inline-annotations-for-fork-prs
+
+on:
+  workflow_run:
+    workflows: [Pull Request] # Name from `trunk_check.yml`
+    types: [completed]
+
+permissions: read-all
+
+jobs:
+  trunk_check:
+    name: Trunk Code Quality Annotate
+    runs-on: ubuntu-latest
+    permissions:
+      checks: write # For trunk to post annotations
+      contents: read # For repo checkout
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Trunk Check
+        uses: trunk-io/trunk-action@v1
+        with:
+          post-annotations: true
diff --git a/.github/workflows/trunk-check.yml b/.github/workflows/trunk_check.yml
similarity index 100%
rename from .github/workflows/trunk-check.yml
rename to .github/workflows/trunk_check.yml