Update patch dependencies #1518
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Auto approve and merge PRs by dependabot | |
# Trigger the workflow on pull request | |
on: pull_request | |
permissions: | |
pull-requests: write | |
contents: write | |
jobs: | |
auto-approve: | |
name: Automatically approve dependabot PRs | |
runs-on: ubuntu-latest | |
env: | |
is_bot1: ${{ github.actor == 'dependabot[bot]' }} | |
is_bot2: ${{ github.actor == 'dependabot-preview[bot]' }} | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
with: | |
disable-sudo: true | |
egress-policy: audit | |
disable-telemetry: false | |
allowed-endpoints: > | |
api.github.com:443 | |
- name: Dependabot metadata | |
id: metadata | |
uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34 # v2.2.0 | |
with: | |
skip-verification: true | |
if: ${{ github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]' }} | |
continue-on-error: true | |
- name: Auto approve patch and minor | |
env: | |
is_patch: ${{ steps.metadata.outputs.update-type == 'version-update:semver-patch' }} | |
is_minor: ${{ steps.metadata.outputs.update-type == 'version-update:semver-minor' }} | |
if: ${{ (env.is_patch || env.is_minor) && (env.is_bot1 || env.is_bot2) }} | |
uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0 | |
# Perform the auto-approve action only when the PR is raised by dependabot and is a minor or patch | |
with: | |
# Create a personal access token and store it under the Secrets section of the particular repository | |
# with the key "DEPENDABOT_ACTIONS_TOKEN" | |
github-token: ${{ secrets.DEPENDABOT_ACTIONS_SECRET }} | |
continue-on-error: true | |
- name: Auto merge | |
uses: pascalgn/automerge-action@7961b8b5eec56cc088c140b56d864285eabd3f67 # v0.16.4 | |
# Perform the auto-merge action only when the PR is raised by dependabot for patch or minor | |
if: ${{ (env.is_patch || env.is_minor) && (env.is_bot1 || env.is_bot2) }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.DEPENDABOT_ACTIONS_SECRET }} | |
# Whenever dependabot raises a PR, it automatically assigns a label named "dependencies" | |
# Merges those PRs labelled "dependencies" only | |
MERGE_LABELS: dependencies | |
MERGE_METHOD: rebase | |
continue-on-error: true |