dependabot merger #272
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: dependabot merger | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '17 09 * * *' # trigger daily at 09:17 a.m., as dependabot will create new PRs daily at 6:00 a.m. | |
| env: | |
| DEPENDABOT_GROUPS: | | |
| production-minor-patch group | |
| plugins group | |
| test group | |
| github-actions group | |
| jobs: | |
| review-prs: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| pull-requests: write | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Approve and Merge PRs | |
| run: | | |
| PRS=$(gh pr list --app "dependabot" --state "open" --json number,title,autoMergeRequest,reviewDecision,mergeable,mergeStateStatus) | |
| PR_NUMBERS= | |
| while IFS= read -r GROUP; do | |
| if [[ -z "$GROUP" ]]; then | |
| continue | |
| fi | |
| MATCHES=$(jq -r --arg group "$GROUP" '.[] | select(.title | contains($group)) | .number' <<< "$PRS") | |
| echo "[DEBUG] Found PRs for group '$GROUP': '$MATCHES'" | |
| PR_NUMBERS="$MATCHES"$'\n'"$PR_NUMBERS" | |
| done <<< "${{ env.DEPENDABOT_GROUPS }}" | |
| echo "[DEBUG] Approving and Merging following PRs: '$PR_NUMBERS'" | |
| while IFS= read -r PR_NUMBER; do | |
| if [[ -z "$PR_NUMBER" ]]; then | |
| continue | |
| fi | |
| echo "[DEBUG] Approving and Merging PR #$PR_NUMBER" | |
| # check if PR is already approved | |
| REVIEW_DECISION=$(jq -r --arg pr "$PR_NUMBER" '.[] | select(.number == ($pr | tonumber)) | .reviewDecision' <<< "$PRS") | |
| if [[ "$REVIEW_DECISION" == "APPROVED" ]]; then | |
| echo "[DEBUG] PR #$PR_NUMBER is already approved, skipping" | |
| else | |
| echo "[DEBUG] PR #$PR_NUMBER is not approved yet, approving" | |
| gh pr review "$PR_NUMBER" --approve | |
| fi | |
| # check if PR is already auto-mergeable | |
| AUTO_MERGE_REQUEST=$(jq -r --arg pr "$PR_NUMBER" '.[] | select(.number == ($pr | tonumber)) | .autoMergeRequest' <<< "$PRS") | |
| if [[ -n "$AUTO_MERGE_REQUEST" ]]; then | |
| echo "[DEBUG] PR #$PR_NUMBER is already auto-mergeable, skipping" | |
| else | |
| echo "[DEBUG] PR #$PR_NUMBER is not auto-mergeable yet, enabling auto-merge" | |
| gh pr merge "$PR_NUMBER" --auto --squash | |
| fi | |
| # check if PR is behind, so we can instruct dependabot to rebase | |
| MERGE_STATE_STATUS=$(jq -r --arg pr "$PR_NUMBER" '.[] | select(.number == ($pr | tonumber)) | .mergeStateStatus' <<< "$PRS") | |
| if [[ "$MERGE_STATE_STATUS" == "BEHIND" ]]; then | |
| echo "[DEBUG] PR #$PR_NUMBER is behind, instructing dependabot to rebase" | |
| gh pr comment "$PR_NUMBER" --body "@dependabot rebase" | |
| fi | |
| done <<< "$PR_NUMBERS" | |
| env: | |
| GH_TOKEN: ${{ secrets.CLOUD_SDK_AT_SAP_ALL_ACCESS_PAT }} |