@@ -3,7 +3,7 @@ name: contrib
3
3
on :
4
4
issue_comment :
5
5
types : [created]
6
- pull_request_target :
6
+ pull_request :
7
7
types :
8
8
- opened
9
9
- closed
@@ -24,33 +24,38 @@ concurrency: pr-${{ github.ref }}
24
24
25
25
jobs :
26
26
# Dependabot is annoying, but this makes it a bit less so.
27
- auto-approve- dependabot :
27
+ dependabot :
28
28
runs-on : ubuntu-latest
29
- if : github.event_name == 'pull_request_target '
29
+ if : github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'coder/coder '
30
30
permissions :
31
31
pull-requests : write
32
- steps :
33
- - name : Harden Runner
34
- uses : step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
32
+ steps :
33
+ - name : Dependabot metadata
34
+ id : metadata
35
+ uses : dependabot/fetch-metadata@4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d # v2.2.0
35
36
with :
36
- egress-policy : audit
37
-
38
- - name : auto-approve dependabot
39
- uses : hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
40
- if : github.actor == 'dependabot[bot]'
37
+ github-token : " ${{ secrets.GITHUB_TOKEN }}"
38
+
39
+ - name : Approve the PR
40
+ run : gh pr review --approve "$PR_URL"
41
+ env :
42
+ PR_URL : ${{github.event.pull_request.html_url}}
43
+ GH_TOKEN : ${{secrets.GITHUB_TOKEN}}
44
+
45
+ - name : Enable auto-merge for Dependabot PRs
46
+ if : steps.metadata.outputs.update-type == 'version-update:semver-patch'
47
+ run : gh pr merge --auto --merge "$PR_URL"
48
+ env :
49
+ PR_URL : ${{github.event.pull_request.html_url}}
50
+ GH_TOKEN : ${{secrets.GITHUB_TOKEN}}
41
51
42
52
cla :
43
53
runs-on : ubuntu-latest
44
54
permissions :
45
55
pull-requests : write
46
56
steps :
47
- - name : Harden Runner
48
- uses : step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
49
- with :
50
- egress-policy : audit
51
-
52
57
- name : cla
53
- if : (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target '
58
+ if : (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request '
54
59
uses : contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1
55
60
env :
56
61
GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
69
74
release-labels :
70
75
runs-on : ubuntu-latest
71
76
# Skip tagging for draft PRs.
72
- if : ${{ github.event_name == 'pull_request_target ' && !github.event.pull_request.draft }}
77
+ if : ${{ github.event_name == 'pull_request ' && !github.event.pull_request.draft }}
73
78
steps :
74
- - name : Harden Runner
75
- uses : step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
76
- with :
77
- egress-policy : audit
78
-
79
79
- name : release-labels
80
80
uses : actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
81
81
with :
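Review bot: The `dependabot/fetch-metadata` pin in the new `dependabot` job, `4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d`, reads as a repeating hex sequence rather than a real commit hash, and that step is handed `secrets.GITHUB_TOKEN` in a job with `pull-requests: write`; confirm the SHA resolves to the upstream v2.2.0 tag before this merges. The same job runs `gh pr merge --auto --merge` while declaring only `pull-requests: write`; GitHub's documented Dependabot auto-merge workflow also grants `contents: write`, so that step will probably fail unless `contents: write` is added under `permissions:`. With the trigger moved from `pull_request_target` to `pull_request`, PRs from forks normally receive a read-only token, so the `cla` and `release-labels` jobs (the latter's script continues outside the hunk) likely cannot comment or label on external contributions; worth confirming that is intended. The three `Harden Runner` steps are removed with no replacement, so egress auditing is lost on jobs that still hold a write-scoped token, including the one that now approves and merges PRs.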