diff --git a/.github/workflows/dependabot-auto-merge-forward.yml b/.github/workflows/dependabot-auto-merge-forward.yml new file mode 100644 index 000000000..ad67e4fab --- /dev/null +++ b/.github/workflows/dependabot-auto-merge-forward.yml @@ -0,0 +1,42 @@ +name: Auto Merge Forward Dependabot Commits + +on: + workflow_dispatch: + +permissions: + contents: read + +concurrency: + group: dependabot-auto-merge-forward + +jobs: + get-supported-branches: + uses: spring-io/spring-security-release-tools/.github/workflows/retrieve-spring-supported-versions.yml@actions-v1 + with: + project: spring-session + type: oss + repository_name: spring-projects/spring-session + + auto-merge-forward-dependabot: + name: Auto Merge Forward Dependabot Commits + runs-on: ubuntu-latest + needs: [get-supported-branches] + permissions: + contents: write + steps: + - name: Checkout + id: checkout + uses: actions/checkout@v4 + with: + token: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} + - name: Setup GitHub User + id: setup-gh-user + run: | + git config user.name 'github-actions[bot]' + git config user.email 'github-actions[bot]@users.noreply.github.com' + - name: Run Auto Merge Forward + id: run-auto-merge-forward + uses: spring-io/spring-security-release-tools/.github/actions/auto-merge-forward@actions-v1 + with: + branches: ${{ needs.get-supported-branches.outputs.supported_versions }},main + from-author: dependabot[bot] diff --git a/.github/workflows/merge-dependabot-pr.yml b/.github/workflows/merge-dependabot-pr.yml new file mode 100644 index 000000000..1bda517c9 --- /dev/null +++ b/.github/workflows/merge-dependabot-pr.yml @@ -0,0 +1,52 @@ +name: Merge Dependabot PR + +on: pull_request_target + +run-name: Merge Dependabot PR ${{ github.ref_name }} + +permissions: write-all + +jobs: + merge-dependabot-pr: + runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' + steps: + + - uses: actions/checkout@v4 + with: + show-progress: false + ref: ${{ github.event.pull_request.head.sha }} + + - uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: 17 + + - name: Set Milestone to Dependabot Pull Request + id: set-milestone + run: | + if test -f pom.xml + then + CURRENT_VERSION=$(mvn help:evaluate -Dexpression="project.version" -q -DforceStdout) + else + CURRENT_VERSION=$(cat gradle.properties | sed -n '/^version=/ { s/^version=//;p }') + fi + export CANDIDATE_VERSION=${CURRENT_VERSION/-SNAPSHOT} + MILESTONE=$(gh api repos/$GITHUB_REPOSITORY/milestones --jq 'map(select(.due_on != null and (.title | startswith(env.CANDIDATE_VERSION)))) | .[0] | .title') + + if [ -z $MILESTONE ] + then + gh run cancel ${{ github.run_id }} + echo "::warning title=Cannot merge::No scheduled milestone for $CURRENT_VERSION version" + else + gh pr edit ${{ github.event.pull_request.number }} --milestone $MILESTONE + echo mergeEnabled=true >> $GITHUB_OUTPUT + fi + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Merge Dependabot pull request + if: steps.set-milestone.outputs.mergeEnabled + run: gh pr merge ${{ github.event.pull_request.number }} --auto --rebase + env: + GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} diff --git a/.github/workflows/trigger-dependabot-auto-merge-forward.yml b/.github/workflows/trigger-dependabot-auto-merge-forward.yml new file mode 100644 index 000000000..8b9468390 --- /dev/null +++ b/.github/workflows/trigger-dependabot-auto-merge-forward.yml @@ -0,0 +1,22 @@ +name: Trigger Dependabot Auto Merge Forward + +on: + push: + branches: + - '*.x' + +permissions: read-all + +jobs: + trigger-worflow: + name: Trigger Workflow + runs-on: ubuntu-latest + if: ${{ github.event.commits[0].author.username == 'dependabot[bot]' && github.repository == 'spring-projects/spring-session' }} + steps: + - name: Checkout + id: checkout + uses: actions/checkout@v4 + - id: trigger + env: + GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }} + run: gh workflow run dependabot-auto-merge-forward.yml -r main