chore(ci): replace mergify with automerge workflow (#241)

This also makes sure the required status checks (the diff jobs) actually fail if there is an error while running `terraform plan`.
cdktf · Dec 20, 2023 · b4d0dbd · b4d0dbd
1 parent a335437
commit b4d0dbd
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 3 deletions.
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
@@ -0,0 +1,24 @@
+name: automerge
+on:
+  pull_request_target:
+    types:
+      - opened
+      - labeled
+      - ready_for_review
+      - reopened
+      - synchronize
+concurrency: ${{ github.workflow }}-${{ github.head_ref }}
+jobs:
+  automerge:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    if: contains(github.event.pull_request.labels.*.name, 'automerge') && !contains(github.event.pull_request.labels.*.name, 'do-not-merge') && github.event.pull_request.draft == false
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Turn on automerge for this PR by a trusted user or bot
+        if: github.event.pull_request.user.login == 'team-tf-cdk' || contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.pull_request.author_association) || github.actor == 'dependabot[bot]'
+        env:
+          GH_TOKEN: ${{ secrets.GH_COMMENT_TOKEN }}
+        run: gh pr merge --auto --squash ${{ github.event.pull_request.number }}
diff --git a/.github/workflows/diff-cdktf-stacks.yml b/.github/workflows/diff-cdktf-stacks.yml
@@ -28,11 +28,13 @@ jobs:
           cli_config_credentials_token: ${{ secrets.TF_CLOUD_TOKEN }}
           terraform_wrapper: false
 
-      - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+      - name: Setup Node.js
+        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
         with:
           node-version: "18"
 
-      - run: yarn install
+      - name: Install
+        run: yarn install
       - name: Synth
         run: "$(yarn bin)/cdktf synth"
       - name: Plan
@@ -45,8 +47,9 @@ jobs:
           terraform plan -no-color | tee ../../../plan_stdout_${{ matrix.stack }}.txt; echo $?
           set +o pipefail
         continue-on-error: true
-      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      - name: Comment the plan output on the PR
         if: contains(github.event_name, 'pull_request') # pull_request or pull_request_target
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           github-token: ${{ secrets.GH_COMMENT_TOKEN }}
           script: |
@@ -62,3 +65,9 @@ jobs:
               workflowName: "${{github.workflow}}",
               stackName: "${{matrix.stack}}" 
             })
+      - name: Fail this check if the plan was not successful
+        if: ${{ steps.plan.outcome != "success" }}
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+        with:
+          script: |
+            core.setFailed('Terraform plan was not successful')