shared-workflows/.github/workflows/dependabot-automation.yml at main · kernelsam/shared-workflows · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
---

name: 'dependabot approve and merge patch version prs'

on:
  workflow_call:
    secrets:
      CODEOWNER_PR_APPROVAL_TOKEN:
        required: true

permissions:
  contents: write
  pull-requests: write

jobs:
  dependabot-auto-approve-and-merge:
    runs-on: ubuntu-latest
    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
      - name: Dependabot metadata
        id: dependabot-metadata
        uses: dependabot/fetch-metadata@v1
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      - name: Approve patch version PRs
        if: ${{ steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' }}
        run: gh pr review --approve "$PR_URL" -b "I'm **approving** this pull request because **it includes a patch update**"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.CODEOWNER_PR_APPROVAL_TOKEN }}
      - name: Auto merge patch version PRs
        if: ${{ steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' }}
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}