-
-
Notifications
You must be signed in to change notification settings - Fork 41
87 lines (77 loc) · 4.03 KB
/
update.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# This workflow merges requests from Dependabot if tests are passing
# Ref: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
# Ref: https://github.com/dependabot/fetch-metadata
name: Auto-merge
# `pull_request_target` means this uses code in the base branch, not the PR.
on: pull_request_target
# Dependabot PRs' tokens have read permissions by default and thus we must enable write permissions.
permissions:
contents: write
pull-requests: write
jobs:
dependencies:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
steps:
# Fetch PR metadata
- name: Fetch PR metadata
id: metadata
uses: dependabot/fetch-metadata@v1.6.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
# Get PR title to extract the version change information
# The title of the Dependabot PR contains the old and new version numbers.
- name: Get PR Title
id: pr-title
run: echo "PR_TITLE=${{ github.event.pull_request.title }}" >> $GITHUB_ENV
# Extract old and new version numbers from the PR title
# We use regex to capture the old and new version numbers from the PR title format
# The format usually looks like "Bump package-name from x.y.z to a.b.c"
# If there is no version number in the PR title, the workflow will exit with an error so we manually need to verify the version numbers.
- name: Extract old and new versions
id: extract-versions
run: |
if [[ "${{ env.PR_TITLE }}" =~ from[[:space:]]?([0-9]+\.[0-9]+\.[0-9]+)[[:space:]]?to[[:space:]]?([0-9]+\.[0-9]+\.[0-9]+) ]]; then
echo "OLD_VERSION=${BASH_REMATCH[1]}" >> $GITHUB_ENV
echo "NEW_VERSION=${BASH_REMATCH[2]}" >> $GITHUB_ENV
else
echo "Version numbers not found in PR title."
exit 1
fi
# Check the type of version bump (major, minor, or patch)
# We compare the major version numbers between old and new versions.
# If the new major version is greater than the old one, it's a major bump.
- name: Check version bump type
id: check-bump-type
run: |
IFS='.' read -r -a old_version_parts <<< "${{ env.OLD_VERSION }}"
IFS='.' read -r -a new_version_parts <<< "${{ env.NEW_VERSION }}"
if [[ "${new_version_parts[0]}" -gt "${old_version_parts[0]}" ]]; then
echo "MAJOR_BUMP=true" >> $GITHUB_ENV
else
echo "MAJOR_BUMP=false" >> $GITHUB_ENV
fi
# Wait for all CI checks on the PR to pass
# Don't merge updates to GitHub Actions versions automatically.
# We also prevent auto-merging if a major version bump is detected.
# (Some repos may wish to limit by version range (major/minor/patch), or scope (dep vs dev-dep), too.)
- name: Wait for PR CI
if: contains(steps.metadata.outputs.package-ecosystem, 'npm') && env.MAJOR_BUMP == 'false'
uses: lewagon/wait-on-check-action@v1.3.3
with:
ref: ${{ github.event.pull_request.head.sha }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
wait-interval: 30 # seconds
running-workflow-name: dependencies # wait for all checks except this one
allowed-conclusions: success,skipped # all other checks must pass; being skipped or canceled is not sufficient
# Auto-merge Dependabot PRs
# Don't merge updates to GitHub Actions versions automatically.
# Ensure that only non-major version bumps (minor or patch) are merged automatically.
# The "auto" flag will only merge once all of the target branch's required checks
# are met. Configure those in the "branch protection" settings for each repo.
- name: Auto-merge dependabot PRs
if: contains(steps.metadata.outputs.package-ecosystem, 'npm') && env.MAJOR_BUMP == 'false'
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh pr merge --auto --squash "$PR_URL"