From c9386395ac80c32c0b0690720187558d82540178 Mon Sep 17 00:00:00 2001
From: holomekc <30546982+holomekc@users.noreply.github.com>
Date: Sat, 2 Dec 2023 10:22:55 +0100
Subject: [PATCH] Dependabot workflows

---
 .github/workflows/dependabot-approve.yml | 21 +++++++++++
 .github/workflows/dependabot-auto-merge.yml | 39 ++++++++++-----------
 2 files changed, 39 insertions(+), 21 deletions(-)
 create mode 100644 .github/workflows/dependabot-approve.yml

diff --git a/.github/workflows/dependabot-approve.yml b/.github/workflows/dependabot-approve.yml
new file mode 100644
index 00000000..f32ca3ac
--- /dev/null
+++ b/.github/workflows/dependabot-approve.yml
@@ -0,0 +1,21 @@
+name: Dependabot auto-approve
+on: pull_request
+
+permissions:
+ pull-requests: write
+
+jobs:
+ dependabot:
+ runs-on: ubuntu-latest
+ if: github.actor == 'dependabot[bot]'
+ steps:
+ - name: Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@v1
+ with:
+ github-token: "${{ secrets.GITHUB_TOKEN }}"
+ - name: Approve a PR
+ run: gh pr review --approve "$PR_URL"
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
\ No newline at end of file
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index cc459384..3ee4c3b7 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
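Review bot: In dependabot-approve.yml the job gate `if: github.actor == 'dependabot[bot]'` checks who triggered the run, not who opened the pull request, which is a weaker identity check than it looks for a job holding `pull-requests: write`. GitHub's Dependabot automation examples gate on `if: github.event.pull_request.user.login == 'dependabot[bot]'` instead. The same condition is carried into dependabot-auto-merge.yml, where the token also has `contents: write`. The approve step never reads the metadata fetched just before it, so every update is approved regardless of size; a step-level `if: steps.metadata.outputs.update-type != 'version-update:semver-major'` would keep major bumps for human review. `dependabot/fetch-metadata@v1` is a mutable tag, and pinning it to a full commit SHA would stop a retagged release from running with this token.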
@@ -1,27 +1,24 @@
-# Automatically merge Dependabot PRs when version comparison is within the range
-# that is configured in .github/auto-merge.yml
+name: Dependabot auto-merge
+on: pull_request
 
-name: Auto-Merge Dependabot PRs
-
-on:
- # WARNING: This needs to be run in the PR base, DO NOT build untrusted code in this action
- # details under https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/
- pull_request_target:
+permissions:
+ contents: write
+ pull-requests: write
 
 jobs:
- auto-merge:
- if: github.actor == 'dependabot[bot]'
+ dependabot:
 runs-on: ubuntu-latest
+ if: github.actor == 'dependabot[bot]'
 steps:
- - name: Checkout code
- uses: actions/checkout@v3
-
- - name: Check if PR should be auto-merged
- uses: ahmadnassri/action-dependabot-auto-merge@v2
+ - name: Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@v1
 with:
- # In order to use this, you need to go to https://github.com/settings/tokens and
- # create a Personal Access Token with the permission "public_repo".
- # Enter this token in your repository settings under "Secrets" and name it AUTO_MERGE_TOKEN
- github-token: ${{ secrets.AUTO_MERGE_TOKEN }}
- # By default, squash and merge, so Github chooses nice commit messages
- command: squash and merge
\ No newline at end of file
+ github-token: "${{ secrets.GITHUB_TOKEN }}"
+ - name: Enable auto-merge for Dependabot PRs
+ # if: contains(steps.metadata.outputs.dependency-names, 'my-dependency') && steps.metadata.outputs.update-type == 'version-update:semver-patch'
+ if: !contains(steps.metadata.outputs.dependency-names, '@types/node')
+ run: gh pr merge --auto --merge "$PR_URL"
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
\ No newline at end of file
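Review bot: The step condition `if: !contains(steps.metadata.outputs.dependency-names, '@types/node')` begins with `!`, which YAML reserves as a tag indicator, so the expression will not reach the Actions evaluator as written. Wrap it as `if: ${{ !contains(steps.metadata.outputs.dependency-names, '@types/node') }}`. This condition is the only filter in front of `gh pr merge --auto --merge` running with a `contents: write` token, so it is worth confirming that it evaluates as intended. It could also be narrowed by `steps.metadata.outputs.update-type`, as the commented-out line above it already does for patch updates. `--auto` waits for the base branch's merge requirements, so the workflow presumably relies on branch protection with required checks; a comment stating that dependency would help the next maintainer.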