From 47c5fe602bf67a26ef8dc69a8fe19496e5e7cc33 Mon Sep 17 00:00:00 2001 From: Takahiro Miyoshi Date: Tue, 2 Jul 2024 23:37:31 +0900 Subject: [PATCH] Setup dependabot --- .github/dependabot.yml | 18 ++++++++++++ .github/workflows/dependabot-automerge.yml | 32 ++++++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/dependabot-automerge.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..d869aad --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,18 @@ +version: 2 + +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly + day: friday + time: "20:00" + timezone: Asia/Tokyo + + - package-ecosystem: npm + directory: / + schedule: + interval: weekly + day: friday + time: "20:00" + timezone: Asia/Tokyo diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml new file mode 100644 index 0000000..e9ebe40 --- /dev/null +++ b/.github/workflows/dependabot-automerge.yml @@ -0,0 +1,32 @@ +name: Dependabot + +on: + pull_request: + branches: ["main"] + +jobs: + auto-merge: + if: github.actor == 'dependabot[bot]' + + runs-on: ubuntu-latest + + permissions: + contents: write + pull-requests: write + + steps: + - name: Fetch dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v2.1.0 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + + - name: Enable auto-merge + if: | + steps.metadata.outputs.update-type == 'version-update:semver-patch' || + (steps.metadata.outputs.dependency-type != 'direct:production' && steps.metadata.outputs.update-type != 'version-update:semver-major') || + (steps.metadata.outputs.package-ecosystem == 'github_actions' && steps.metadata.outputs.update-type != 'version-update:semver-major') + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GH_TOKEN: ${{secrets.GITHUB_TOKEN}}