Skip to content

Commit e4ddc41

Browse files
matifalimatifali
authored
chore: auto merge dependabot PRs
Based on the instructions from https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
1 parent 923ef56 commit e4ddc41

File tree

1 file changed

+20
-31
lines changed

1 file changed

+20
-31
lines changed

.github/workflows/contrib.yaml

Lines changed: 20 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -3,18 +3,7 @@ name: contrib
33
on:
44
issue_comment:
55
types: [created]
6-
pull_request_target:
7-
types:
8-
- opened
9-
- closed
10-
- synchronize
11-
- labeled
12-
- unlabeled
13-
- opened
14-
- reopened
15-
- edited
16-
# For jobs that don't run on draft PRs.
17-
- ready_for_review
6+
pull_request:
187

198
permissions:
209
contents: read
@@ -24,31 +13,36 @@ concurrency: pr-${{ github.ref }}
2413

2514
jobs:
2615
# Dependabot is annoying, but this makes it a bit less so.
27-
auto-approve-dependabot:
16+
dependabot:
2817
runs-on: ubuntu-latest
2918
if: github.event_name == 'pull_request_target'
3019
permissions:
3120
pull-requests: write
32-
steps:
33-
- name: Harden Runner
34-
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
21+
steps:
22+
- name: Dependabot metadata
23+
id: metadata
24+
uses: dependabot/fetch-metadata@4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d # v2.2.0
3525
with:
36-
egress-policy: audit
37-
38-
- name: auto-approve dependabot
39-
uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
40-
if: github.actor == 'dependabot[bot]'
26+
github-token: "${{ secrets.GITHUB_TOKEN }}"
27+
28+
- name: Approve the PR
29+
run: gh pr review --approve "$PR_URL"
30+
env:
31+
PR_URL: ${{github.event.pull_request.html_url}}
32+
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
33+
34+
- name: Enable auto-merge for Dependabot PRs
35+
if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
36+
run: gh pr merge --auto --merge "$PR_URL"
37+
env:
38+
PR_URL: ${{github.event.pull_request.html_url}}
39+
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
4140

4241
cla:
4342
runs-on: ubuntu-latest
4443
permissions:
4544
pull-requests: write
4645
steps:
47-
- name: Harden Runner
48-
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
49-
with:
50-
egress-policy: audit
51-
5246
- name: cla
5347
if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
5448
uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1
@@ -71,11 +65,6 @@ jobs:
7165
# Skip tagging for draft PRs.
7266
if: ${{ github.event_name == 'pull_request_target' && !github.event.pull_request.draft }}
7367
steps:
74-
- name: Harden Runner
75-
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
76-
with:
77-
egress-policy: audit
78-
7968
- name: release-labels
8069
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
8170
with:

0 commit comments

Comments
 (0)