From 40f85f605dca55033994773602e0ec568d08790e Mon Sep 17 00:00:00 2001 From: Nicholas Felt Date: Thu, 5 Sep 2024 12:58:07 -0700 Subject: [PATCH] ci: Add workflow to automatically approve renovate PRs that can be automerged to enable automatic updates of dependencies (#71) --- .github/renovate.json | 19 +++++++++++++++---- .github/workflows/_reusable-package-build.yml | 2 +- .github/workflows/auto-approve.yml | 12 ++++++++++++ 3 files changed, 28 insertions(+), 5 deletions(-) create mode 100644 .github/workflows/auto-approve.yml diff --git a/.github/renovate.json b/.github/renovate.json index caa22da4..f78f8302 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -10,12 +10,18 @@ "tektronix/python-package-ci-cd" ], "packageRules": [ + { + "additionalBranchPrefix": "{{#if (equals manager 'github-actions')}}gh-actions{{else}}{{categories}}{{/if}}-deps/", + "description": "Set the branch prefix for all updates", + "matchPackageNames": [ + "*" + ] + }, { "addLabels": [ "docker", "dependencies" ], - "additionalBranchPrefix": "docker-deps/", "commitMessageSuffix": " in all dependant actions", "description": "Add docker and dependencies labels to Docker dependency updates", "matchManagers": [ @@ -28,7 +34,6 @@ "gh-actions", "dependencies" ], - "additionalBranchPrefix": "gh-actions-deps/", "description": "Add gh-actions and dependencies labels to GitHub Action dependency updates", "matchManagers": [ "github-actions" @@ -40,7 +45,6 @@ "python", "dependencies" ], - "additionalBranchPrefix": "python-deps/", "description": "Add python and dependencies labels to Python dependency updates", "matchManagers": [ "poetry", @@ -70,6 +74,7 @@ ] }, { + "additionalBranchPrefix": "automerge/", "automerge": true, "description": "Automatically merge all patch updates", "matchUpdateTypes": [ 
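Review bot: In the `@@ -70,6 +74,7 @@` hunk the new `automerge/` prefix makes the patch-update rule a fully unattended path, because the auto-approve workflow added in this commit approves any `renovate/automerge/` branch and nothing visible in the rule delays adoption of a freshly published release. Consider adding a release-age gate to the rule, for example `"minimumReleaseAge": "3 days"` (the duration is an illustrative value), so that a release which is yanked or reported as compromised shortly after publication is not merged automatically. The same applies to the certifi minor-update rule in the `@@ -77,9 +82,14 @@` hunk. The rule object continues past the end of this hunk, and a global setting elsewhere in the file may already cover this.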
@@ -77,9 +82,14 @@ ] }, { - "description": "Allow automerge for minor updates of certain packages", + "additionalBranchPrefix": "automerge/", + "automerge": true, + "description": "Allow automatically merging minor updates of certain packages", "matchPackageNames": [ "certifi" + ], + "matchUpdateTypes": [ + "minor" ] }, { @@ -90,6 +100,7 @@ ] }, { + "additionalBranchPrefix": "{{#if (equals manager 'github-actions')}}gh-actions{{else}}{{categories}}{{/if}}-deps/", "automerge": false, "description": "Group together all python-semantic-release dependencies", "groupName": "python-semantic-release dependencies", diff --git a/.github/workflows/_reusable-package-build.yml b/.github/workflows/_reusable-package-build.yml index c350a166..3c1aa5b9 100644 --- a/.github/workflows/_reusable-package-build.yml +++ b/.github/workflows/_reusable-package-build.yml @@ -39,7 +39,7 @@ jobs: - uses: hynek/build-and-inspect-python-package@2dbbf2b252d3a3c7cec7a810e3ed5983bd17b13a # v2.8.0 id: build-pkg with: - attest-build-provenance-github: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }} + attest-build-provenance-github: ${{ !github.event.pull_request.head.repo.fork && !contains(fromJSON('["dependabot[bot]", "renovate[bot]"]'), github.actor) }} # Verify the package can be installed install-package: name: Install package diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml new file mode 100644 index 00000000..e9265191 --- /dev/null +++ b/.github/workflows/auto-approve.yml @@ -0,0 +1,12 @@ +--- +name: Auto approve Renovate PRs +on: + pull_request_target: +jobs: + auto-approve: + runs-on: ubuntu-latest + permissions: + pull-requests: write + if: github.actor == 'renovate[bot]' && startsWith(github.head_ref, 'renovate/automerge/') + steps: + - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
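Review bot: The `@@ -90,6 +100,7 @@` hunk restates the branch-prefix template only to undo the `automerge/` prefix that an earlier rule may have set, and that dependency on rule order is not written down anywhere. Since the auto-approve workflow trusts the branch name, a later rule that sets `"automerge": false` without also resetting `additionalBranchPrefix` would presumably still produce a `renovate/automerge/` branch and receive an approval. I would record this in the rule's description, e.g. `"description": "Group together all python-semantic-release dependencies; resets the branch prefix so these PRs are not auto-approved"`. The rule object continues past the end of the hunk.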
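Review bot: The new `attest-build-provenance-github` expression excludes the bot actors on every event, not only on pull requests, and the line carries no comment saying why. `github.actor` is whoever triggered the run, so if the calling workflow also runs on pushes and Renovate itself performs an automerge, that build would presumably skip provenance attestation as well. If the exclusion is only meant for bot pull requests, scope it with the event, e.g. `!(github.event_name == 'pull_request' && contains(fromJSON('["dependabot[bot]", "renovate[bot]"]'), github.actor))`, and add a one-line comment above `with:` stating the reason. The job this step belongs to starts outside the hunk.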
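Review bot: The `if:` on the `auto-approve` job decides who receives an approval from `github.actor` and a branch-name prefix alone, under `pull_request_target` with `pull-requests: write`. `github.actor` identifies whoever triggered the event rather than the author of the pull request, and `github.head_ref` is also set for pull requests from forks, so I would additionally pin the author and the head repository: `if: github.actor == 'renovate[bot]' && github.event.pull_request.user.login == 'renovate[bot]' && !github.event.pull_request.head.repo.fork && startsWith(github.head_ref, 'renovate/automerge/')`. The fork test matches the one already used in `_reusable-package-build.yml`. A short comment would also help, noting that the prefix must stay in sync with `additionalBranchPrefix` in `.github/renovate.json` and that branch protection should dismiss stale approvals on new pushes.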