Skip to content

Commit

Permalink
Dependabot workflows
Browse files Browse the repository at this point in the history
  • Loading branch information
holomekc committed Dec 2, 2023
1 parent 2cfccb8 commit c938639
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 21 deletions.
21 changes: 21 additions & 0 deletions .github/workflows/dependabot-approve.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
name: Dependabot auto-approve
on: pull_request

permissions:
pull-requests: write

jobs:
dependabot:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Approve a PR
run: gh pr review --approve "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
39 changes: 18 additions & 21 deletions .github/workflows/dependabot-auto-merge.yml
Original file line number Diff line number Diff line change
@@ -1,27 +1,24 @@
# Automatically merge Dependabot PRs when version comparison is within the range
# that is configured in .github/auto-merge.yml
name: Dependabot auto-merge
on: pull_request

name: Auto-Merge Dependabot PRs

on:
# WARNING: This needs to be run in the PR base, DO NOT build untrusted code in this action
# details under https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/
pull_request_target:
permissions:
contents: write
pull-requests: write

jobs:
auto-merge:
if: github.actor == 'dependabot[bot]'
dependabot:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Check if PR should be auto-merged
uses: ahmadnassri/action-dependabot-auto-merge@v2
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v1
with:
# In order to use this, you need to go to https://github.com/settings/tokens and
# create a Personal Access Token with the permission "public_repo".
# Enter this token in your repository settings under "Secrets" and name it AUTO_MERGE_TOKEN
github-token: ${{ secrets.AUTO_MERGE_TOKEN }}
# By default, squash and merge, so Github chooses nice commit messages
command: squash and merge
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Enable auto-merge for Dependabot PRs
# if: contains(steps.metadata.outputs.dependency-names, 'my-dependency') && steps.metadata.outputs.update-type == 'version-update:semver-patch'
if: !contains(steps.metadata.outputs.dependency-names, '@types/node')
run: gh pr merge --auto --merge "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

0 comments on commit c938639

Please sign in to comment.