
Commit f495ff0

authored
chore: auto merge dependabot PRs for patch updates (coder#16222)
1 parent 6cbc44b commit f495ff0


1 file changed

+23
-23
lines changed


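--- a/.github/workflows/contrib.yaml
+++ b/.github/workflows/contrib.yaml
@@ -3,7 +3,7 @@ name: contrib
 on:
 issue_comment:
 types: [created]
-pull_request_target:
+pull_request:
 types:
 - opened
 - closed
@@ -24,33 +24,38 @@ concurrency: pr-${{ github.ref }}
 
 jobs:
 # Dependabot is annoying, but this makes it a bit less so.
-auto-approve-dependabot:
+dependabot:
 runs-on: ubuntu-latest
-if: github.event_name == 'pull_request_target'
+if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'coder/coder'
 permissions:
 pull-requests: write
-steps:
-- name: Harden Runner
-uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+steps:
+- name: Dependabot metadata
+id: metadata
+uses: dependabot/fetch-metadata@4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d # v2.2.0
 with:
-egress-policy: audit
-
-- name: auto-approve dependabot
-uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
-if: github.actor == 'dependabot[bot]'
+github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+- name: Approve the PR
+run: gh pr review --approve "$PR_URL"
+env:
+PR_URL: ${{github.event.pull_request.html_url}}
+GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+- name: Enable auto-merge for Dependabot PRs
+if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
+run: gh pr merge --auto --merge "$PR_URL"
+env:
+PR_URL: ${{github.event.pull_request.html_url}}
+GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
 
 cla:
 runs-on: ubuntu-latest
 permissions:
 pull-requests: write
 steps:
-- name: Harden Runner
-uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
-with:
-egress-policy: audit
-
 - name: cla
-if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request'
 uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -69,13 +74,8 @@ jobs:
 release-labels:
 runs-on: ubuntu-latest
 # Skip tagging for draft PRs.
-if: ${{ github.event_name == 'pull_request_target' && !github.event.pull_request.draft }}
+if: ${{ github.event_name == 'pull_request' && !github.event.pull_request.draft }}
 steps:
-- name: Harden Runner
-uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
-with:
-egress-policy: audit
-
 - name: release-labels
 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
 with: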
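Review bot: The `Approve the PR` step in the new `dependabot` job has no `if:`, so every Dependabot PR gets a bot approval, including minor and major bumps; only the merge step is limited to patch updates. If approvals count toward branch protection, gate it the same way: `if: steps.metadata.outputs.update-type == 'version-update:semver-patch'`. The job grants only `pull-requests: write`, and `gh pr merge --auto` probably also needs `contents: write`, so check that the merge step can succeed. Moving the trigger from `pull_request_target` to `pull_request` is safer for untrusted code, but fork PRs then normally receive a read-only token, which would likely stop the `cla` and `release-labels` jobs from writing; confirm that on a fork PR. The `dependabot/fetch-metadata` pin should also be checked against the upstream `v2.2.0` tag before merge, since the comment alone does not prove the SHA.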
