From aede24b14da6e396a49e053ce79264e1ffbf35f6 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Wed, 12 Mar 2025 12:26:35 -0700
Subject: [PATCH 1/2] initial
---
 .github/dependabot.yml | 2 +
 .github/workflows/dependabot-auto-merge.yml | 44 +++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 .github/workflows/dependabot-auto-merge.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index ba1c6b80a..1aafce715 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,3 +9,5 @@ updates:
 directory: "/" # Location of package manifests
 schedule:
 interval: "daily"
+ labels:
+ - "dependabot" # Custom label to identify Dependabot PRs
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
new file mode 100644
index 000000000..5d7374aa8
--- /dev/null
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,44 @@
+# TODO
+# repo->Settings->Pull Requests->Check "Allow auto-merge"
+# Settings-Branches->Add/Edit branch protection rule for main:
+ # Check "Require status checks to pass before merging" and select build workflow (CI pipelilne name like 'build') to make sure PR only merges when it passes
+
+name: Dependabot Auto-Merge
+
+on:
+ pull_request_target:
+ types: [opened, synchronize, reopened]
+
+ permissions:
+ pull-requests: write # To approve PRs
+ contents: write # to merge PRs
+
+ jobs:
+ auto-merge:
+ runs-on: ubuntu-latest
+ if: github.actor == 'dependabot[bot]' # Only dependabot PRs
+ steps:
+ - name: Checkout repo
+ users: actions/checkout@v4
+
+ - name: Fetch Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@v2
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Approve minor updates
+ if: steps.metadata.outputs.update-type == 'version-update:semver-minor'
+ run: |
+ gh pr review "$PR_URL" --approve -b "Auto-approved minor update"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Enable auto-merge for minor updates
+ if: steps.metadata.outputs.update-type == 'version-update:semver-minor'
+ run: |
+ gh pr merge --auto --squash "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 2c76d267c6d45bf078285920959b29ccee2e3bc7 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Wed, 12 Mar 2025 13:13:49 -0700
Subject: [PATCH 2/2] use --admin flag to bypass approvals
---
 .github/workflows/dependabot-auto-merge.yml | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index 5d7374aa8..b68d4b6dd 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
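Review bot: The job gate `if: github.actor == 'dependabot[bot]'` keys on whoever triggered the event rather than on who authored the pull request, and under `pull_request_target` this job runs with `contents: write` and `pull-requests: write`; gating on the author is tighter: `if: github.event.pull_request.user.login == 'dependabot[bot]'`. The checkout step is spelled `users: actions/checkout@v4`, so the step has neither `uses` nor `run` and the workflow should fail validation; it should read `uses: actions/checkout@v4`, or be dropped, since both `gh` calls take the PR URL and do not appear to need a working tree. Indentation is collapsed in this view, but the space after `+` on `permissions:` and `jobs:` (absent on `name:` and `on:`), together with the `on:` context in the follow-up patch's hunk header, suggests both keys are nested under `on:` instead of sitting at the top level, which is worth confirming in the file. Pinning `actions/checkout` and `dependabot/fetch-metadata` to full commit SHAs rather than `@v4` and `@v2` would also suit a workflow that holds a write token.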
@@ -27,18 +27,19 @@ on:
 with:
 github-token: ${{ secrets.GITHUB_TOKEN }}
- - name: Approve minor updates
- if: steps.metadata.outputs.update-type == 'version-update:semver-minor'
- run: |
- gh pr review "$PR_URL" --approve -b "Auto-approved minor update"
- env:
- PR_URL: ${{ github.event.pull_request.html_url }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # - name: Approve minor updates
+ # if: steps.metadata.outputs.update-type == 'version-update:semver-minor'
+ # run: |
+ # gh pr review "$PR_URL" --approve -b "Auto-approved minor update"
+ # env:
+ # PR_URL: ${{ github.event.pull_request.html_url }}
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # use admin to bypass the need for approval, human PRs still need two approvals
 - name: Enable auto-merge for minor updates
 if: steps.metadata.outputs.update-type == 'version-update:semver-minor'
 run: |
- gh pr merge --auto --squash "$PR_URL"
+ gh pr merge --squash --admin "$PR_URL"
 env:
 PR_URL: ${{ github.event.pull_request.html_url }}
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
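Review bot: Swapping `--auto` for `--admin` in `gh pr merge --squash --admin "$PR_URL"` does more than skip the approval requirement: `--admin` merges a pull request that does not meet the branch's requirements, and without `--auto` the merge no longer waits for anything, so a semver-minor bump could land on the protected branch before the required status checks described in the file's header TODO have passed. Keeping `gh pr merge --auto --squash "$PR_URL"` and satisfying the review rule by a separate, narrowly scoped route for Dependabot PRs would preserve the CI gate on dependency updates. It is also worth verifying that the default `GITHUB_TOKEN` is permitted to bypass protection at all, because if it is not this step will simply fail. The commented-out approve step would be better deleted than kept as dead YAML, and the step name `Enable auto-merge for minor updates` no longer describes what runs; the job's `steps:` list begins outside this hunk.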