22# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
33
44name : CI
5-
5+ permissions :
6+ contents : write
7+ pull-requests : write
68on :
79 push :
810 branches :
4244 .
4345 !node_modules
4446retention-days : 1
47+
48+ dependabot :
49+ name : ' Dependabot'
50+ needs : build # After the E2E and build jobs, if one of them fails, it won't merge the PR.
51+ runs-on : ubuntu-latest
52+ if : ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request'}} # Detect that the PR author is dependabot
53+ steps :
54+ - name : Enable auto-merge for Dependabot PRs
55+ run : gh pr merge --auto --merge "$PR_URL" # Use Github CLI to merge automatically the PR
56+ env :
57+ PR_URL : ${{github.event.pull_request.html_url}}
58+ GITHUB_TOKEN : ${{secrets.GITHUB_TOKEN}}
4559
4660 npm-publish-build :
4761 needs : build
@@ -58,14 +72,14 @@ jobs:
5872 run : ' sed -i -E "s/(\"version\": *\"[^\"]+)/\1-${GITHUB_SHA_SHORT}/" package.json'
5973 - name : Disable pre- and post-publish actions
6074 run : ' sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json'
61- - uses : JS-DevTools/npm-publish@v4
75+ - uses : JS-DevTools/npm-publish@v4.1.1
6276 if : github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
6377 with :
6478 token : ${{ secrets.NPM_TOKEN }}
6579 tag : ${{ env.GITHUB_REF_SLUG }}
6680
6781 npm-publish-latest :
68- needs : build
82+ needs : [ build, npm-publish-build]
6983 runs-on : ubuntu-latest
7084 if : github.ref == 'refs/heads/main'
7185 steps :
7791 node-version : 20.x
7892 - name : Disable pre- and post-publish actions
7993 run : ' sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json'
80- - uses : JS-DevTools/npm-publish@v4
94+ - uses : JS-DevTools/npm-publish@v4.1.1
8195 if : github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
8296 with :
8397 token : ${{ secrets.NPM_TOKEN }}
0 commit comments