Validate actions during their creation #2276
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Dependabot auto-merge | |
on: pull_request_target | |
permissions: | |
pull-requests: write | |
contents: write | |
packages: read | |
jobs: | |
dependabot: | |
runs-on: ubuntu-latest | |
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} | |
steps: | |
## Extract information about the dependencies being updated by a Dependabot-generated PR | |
- name: Dependabot metadata | |
id: dependabot-metadata | |
uses: dependabot/[email protected] | |
with: | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
## NOTE: This step is only required if the repository has been configured to Require approval | |
## Checks if update-type is patch or minor, then approve if the PR status is not approved yet. | |
## Token with PR approval permission is required | |
- name: Approve patch and minor updates | |
if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}} | |
run: | | |
gh pr checkout "$PR_URL" | |
if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ]; | |
then | |
gh pr review --approve "$PR_URL" | |
else | |
echo "PR already approved."; | |
fi | |
env: | |
PR_URL: ${{github.event.pull_request.html_url}} | |
GITHUB_TOKEN: ${{secrets.PR_APPROVE_TOKEN}} | |
## NOTE: Requirements for merge has to be configured in the Branch protection rule page. | |
## To do so, go to repository > Settings > Branches > Edit. | |
- name: Enable auto-merge for Dependabot PRs | |
if: ${{ contains(github.event.pull_request.title, 'bump')}} | |
run: gh pr merge --auto --merge "$PR_URL" | |
env: | |
PR_URL: ${{github.event.pull_request.html_url}} | |
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} |