From 2475761305d026b1252451fd96d6dfc7b59da832 Mon Sep 17 00:00:00 2001 From: Han Qiao Date: Tue, 9 Aug 2022 09:12:19 +0800 Subject: [PATCH] Auto merge minor dependabot updates (#17) --- .github/workflows/dependabot.yml | 40 ++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 .github/workflows/dependabot.yml diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml new file mode 100644 index 0000000..1553d32 --- /dev/null +++ b/.github/workflows/dependabot.yml @@ -0,0 +1,40 @@ +# Adapted from https://blog.somewhatabstract.com/2021/10/11/setting-up-dependabot-with-github-actions-to-approve-and-merge/ +name: Dependabot Pull Request Approve and Merge + +on: pull_request_target + +permissions: + pull-requests: write + contents: write + +jobs: + dependabot: + runs-on: ubuntu-latest + # Checking the actor will prevent your Action run failing on non-Dependabot + # PRs but also ensures that it only does work for Dependabot PRs. + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + # This first step will fail if there's no metadata and so the approval + # will not occur. + - name: Dependabot metadata + id: dependabot-metadata + uses: dependabot/fetch-metadata@v1.3.3 + with: + github-token: '${{ secrets.GITHUB_TOKEN }}' + + # Here the PR gets approved. + - name: Approve a PR + if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }} + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + # Finally, this sets the PR to allow auto-merging for patch and minor + # updates if all checks pass + - name: Enable auto-merge for Dependabot PRs + if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }} + run: gh pr merge --auto --rebase "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}