Merge pull request #4 from troykelly/add-dependabot-ci

Adding dependabot ci handling
troykelly · Oct 6, 2022 · 4ea87f6 · 4ea87f6
2 parents c12bd79 + dd5e3b2
commit 4ea87f6
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 11 deletions.
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -6,3 +6,8 @@ updates:
     schedule:
       interval: daily
       time: "06:00"
+  - package-ecosystem: "docker"
+    directory: "/xteve"
+    schedule:
+      interval: daily
+      time: "06:00"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -11,6 +11,10 @@ on:
       - synchronize
   workflow_dispatch:
 
+permissions:
+  pull-requests: write
+  contents: write
+
 jobs:
   information:
     name: Gather add-on information
@@ -145,3 +149,31 @@ jobs:
         run: |
           rm -rf /tmp/.buildx-cache
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+
+  dependabot:
+    runs-on: ubuntu-latest
+    # Checking the actor will prevent your Action run failing on non-Dependabot
+    # PRs but also ensures that it only does work for Dependabot PRs.
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      # This first step will fail if there's no metadata and so the approval
+      # will not occur.
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v1.3.4
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      # Here the PR gets approved.
+      - name: Approve a PR
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      # Finally, this sets the PR to allow auto-merging for patch and minor
+      # updates if all checks pass
+      - name: Enable auto-merge for Dependabot PRs
+        if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/xteve/Dockerfile b/xteve/Dockerfile
@@ -1,4 +1,4 @@
-FROM ghcr.io/aperim/nvidia-cuda-ffmpeg:latest
+FROM ghcr.io/aperim/nvidia-cuda-ffmpeg:0.1.9
 
 RUN apt-get update && \
     apt-get -y --allow-change-held-packages full-upgrade && \
@@ -11,16 +11,9 @@ RUN mkdir -p /opt/xteve /etc/xteve/config && \
     mv ./xteve /usr/bin/ && \
     chmod 755 /usr/bin/xteve && \
     rm -rf /var/lib/apt/lists/* /opt/xteve && \
-    addgroup --gid 1000 xteve && \
-    adduser --home /etc/xteve \
-        --shell /usr/sbin/nologin \
-        --no-create-home \
-        --uid 1000 \
-        --gid 1000 \
-        --gecos xteve,xteve,,,xteve \
-        --disabled-password \
-        --disabled-login \
-        xteve
+    usermod -l xteve ffmpeg && \
+    groupmod --new-name xteve ffmpeg && \
+    usermod -d /etc/xteve xteve
 
 COPY ./xteve/rootfs /