
Update patch dependencies #1518

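name: Auto approve and merge PRs by dependabot
# Trigger the workflow on pull request
on: pull_request
# Write scopes for the job's GITHUB_TOKEN. The approve and merge steps below
# authenticate with the DEPENDABOT_ACTIONS_SECRET token instead.
permissions:
  pull-requests: write
  contents: write
jobs:
  auto-approve:
    name: Automatically approve dependabot PRs
    runs-on: ubuntu-latest
    env:
      # Values in the env context are STRINGS ('true' / 'false'). A non-empty
      # string is truthy in an expression, so `env.is_bot1 || env.is_bot2` is
      # always truthy; conditions must compare against 'true' explicitly.
      # NOTE(review): github.actor is the account that triggered this run, not
      # necessarily the PR author. Consider also checking
      # github.event.pull_request.user.login before approving or merging.
      is_bot1: ${{ github.actor == 'dependabot[bot]' }}
      is_bot2: ${{ github.actor == 'dependabot-preview[bot]' }}
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          disable-sudo: true
          # `audit` only records outbound traffic. The allowed-endpoints list
          # is enforced only when egress-policy is `block`.
          egress-policy: audit
          disable-telemetry: false
          allowed-endpoints: >
            api.github.com:443
      - name: Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 # v2.2.0
        with:
          # NOTE(review): this turns off the action's own check that the PR
          # and its commit really come from Dependabot, so the actor guards in
          # this workflow are the only gate. Confirm this is intended.
          skip-verification: true
        if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]' }}
        continue-on-error: true
      - name: Auto approve patch and minor
        # Approve only when the run was triggered by dependabot AND the update
        # is a semver patch or minor. The update type is read directly from the
        # metadata step; it is empty (so the step is skipped) when that step
        # did not run or failed.
        if: >-
          (env.is_bot1 == 'true' || env.is_bot2 == 'true') &&
          (steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
          steps.metadata.outputs.update-type == 'version-update:semver-minor')
        uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
        with:
          # Create a personal access token and store it as a repository secret
          # under the key "DEPENDABOT_ACTIONS_SECRET". Runs triggered by
          # dependabot read secrets from the Dependabot secret store, so the
          # token has to be defined there. Scope it as narrowly as possible:
          # it can approve and merge PRs.
          github-token: ${{ secrets.DEPENDABOT_ACTIONS_SECRET }}
        # A failed approval does not fail the job; check the step log.
        continue-on-error: true
      - name: Auto merge
        uses: pascalgn/automerge-action@7961b8b5eec56cc088c140b56d864285eabd3f67 # v0.16.4
        # Merge only when the run was triggered by dependabot for a patch or
        # minor update. The condition is spelled out in full because env
        # values set on another step are not visible here.
        if: >-
          (env.is_bot1 == 'true' || env.is_bot2 == 'true') &&
          (steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
          steps.metadata.outputs.update-type == 'version-update:semver-minor')
        env:
          GITHUB_TOKEN: ${{ secrets.DEPENDABOT_ACTIONS_SECRET }}
          # Whenever dependabot raises a PR, it automatically assigns a label named "dependencies"
          # Merges those PRs labelled "dependencies" only
          MERGE_LABELS: dependencies
          MERGE_METHOD: rebase
        # A failed merge does not fail the job; check the step log.
        continue-on-error: true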