ci: Add workflow to automatically approve renovate PRs that can be au…

…tomerged to enable automatic updates of dependencies (#71)
tektronix · Sep 5, 2024 · 40f85f6 · 40f85f6
1 parent 8cb5c6a
commit 40f85f6
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 5 deletions.
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -10,12 +10,18 @@
         "tektronix/python-package-ci-cd"
     ],
     "packageRules": [
+        {
+            "additionalBranchPrefix": "{{#if (equals manager 'github-actions')}}gh-actions{{else}}{{categories}}{{/if}}-deps/",
+            "description": "Set the branch prefix for all updates",
+            "matchPackageNames": [
+                "*"
+            ]
+        },
         {
             "addLabels": [
                 "docker",
                 "dependencies"
             ],
-            "additionalBranchPrefix": "docker-deps/",
             "commitMessageSuffix": " in all dependant actions",
             "description": "Add docker and dependencies labels to Docker dependency updates",
             "matchManagers": [
@@ -28,7 +34,6 @@
                 "gh-actions",
                 "dependencies"
             ],
-            "additionalBranchPrefix": "gh-actions-deps/",
             "description": "Add gh-actions and dependencies labels to GitHub Action dependency updates",
             "matchManagers": [
                 "github-actions"
@@ -40,7 +45,6 @@
                 "python",
                 "dependencies"
             ],
-            "additionalBranchPrefix": "python-deps/",
             "description": "Add python and dependencies labels to Python dependency updates",
             "matchManagers": [
                 "poetry",
@@ -70,16 +74,22 @@
             ]
         },
         {
+            "additionalBranchPrefix": "automerge/",
             "automerge": true,
             "description": "Automatically merge all patch updates",
             "matchUpdateTypes": [
                 "patch"
             ]
         },
         {
-            "description": "Allow automerge for minor updates of certain packages",
+            "additionalBranchPrefix": "automerge/",
+            "automerge": true,
+            "description": "Allow automatically merging minor updates of certain packages",
             "matchPackageNames": [
                 "certifi"
+            ],
+            "matchUpdateTypes": [
+                "minor"
             ]
         },
         {
@@ -90,6 +100,7 @@
             ]
         },
         {
+            "additionalBranchPrefix": "{{#if (equals manager 'github-actions')}}gh-actions{{else}}{{categories}}{{/if}}-deps/",
             "automerge": false,
             "description": "Group together all python-semantic-release dependencies",
             "groupName": "python-semantic-release dependencies",

diff --git a/.github/workflows/_reusable-package-build.yml b/.github/workflows/_reusable-package-build.yml
@@ -39,7 +39,7 @@ jobs:
       - uses: hynek/build-and-inspect-python-package@2dbbf2b252d3a3c7cec7a810e3ed5983bd17b13a  # v2.8.0
         id: build-pkg
         with:
-          attest-build-provenance-github: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
+          attest-build-provenance-github: ${{ !github.event.pull_request.head.repo.fork && !contains(fromJSON('["dependabot[bot]", "renovate[bot]"]'), github.actor) }}
   # Verify the package can be installed
   install-package:
     name: Install package

diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
@@ -0,0 +1,12 @@
+---
+name: Auto approve Renovate PRs
+on:
+  pull_request_target:
+jobs:
+  auto-approve:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    if: github.actor == 'renovate[bot]' && startsWith(github.head_ref, 'renovate/automerge/')
+    steps:
+      - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363  # v4.0.0