-
Notifications
You must be signed in to change notification settings - Fork 0
61 lines (61 loc) · 2.22 KB
/
servicing.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
---
# Check for TODOs and merge PRs from Dependabot
name: Servicing
on:
push:
branches: [main]
pull_request_target:
# Dependabot: will be executed if all filters are fulfilled
branches: [main]
types: [labeled]
paths: ['**.json', '**.yml']
workflow_dispatch:
# permissions:
# checks: write
# pull-requests: write
# …
# "When the permissions key is used, all unspecified permissions are set to no access."
# Make sure you know all the permissions well, otherwise errors will keep popping up and bothering you.
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
jobs:
to-do:
runs-on: ubuntu-latest
if: ${{ github.actor != 'dependabot[bot]' }}
steps:
- uses: actions/checkout@v3
# https://github.com/alstr/todo-to-issue-action
- uses: alstr/[email protected]
if: ${{ github.event_name == 'push' }}
with:
TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPO: ${{ github.repository }}
# The SHA of the last pushed commit
BEFORE: ${{ github.event.before }}
# The SHA of the latest commit
SHA: ${{ github.sha }}
AUTO_ASSIGN: true
dependabot:
# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#approve-a-pull-request
name: Dependabot approve&merge
runs-on: ubuntu-latest
# Not requiring successful prior job
if: ${{ always() && github.actor == 'dependabot[bot]' }}
needs: [to-do]
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Auto-approve PR
id: Dependabot_Approve
run: gh pr review --approve "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
- name: Auto-merge PR
if: ${{ steps.Dependabot_Approve.conclusion == 'success' }}
run: gh pr merge --auto --rebase "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}