|
| 1 | +name: Dependabot Auto-Merge |
| 2 | + |
| 3 | +on: |
| 4 | + pull_request: |
| 5 | + types: [opened, synchronize, reopened, ready_for_review] |
| 6 | + |
| 7 | +permissions: |
| 8 | + contents: write |
| 9 | + pull-requests: write |
| 10 | + |
| 11 | +jobs: |
| 12 | + auto-merge: |
| 13 | + runs-on: ubuntu-latest |
| 14 | + if: | |
| 15 | + github.event.pull_request.user.login == 'dependabot[bot]' && |
| 16 | + github.event.pull_request.head.repo.full_name == github.repository |
| 17 | + steps: |
| 18 | + - name: Fetch Dependabot Metadata |
| 19 | + id: metadata |
| 20 | + uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2 |
| 21 | + |
| 22 | + - name: Enable Auto-Merge for Safe Updates |
| 23 | + id: enable-automerge |
| 24 | + if: | |
| 25 | + steps.metadata.outputs.update-type == 'version-update:semver-patch' || |
| 26 | + steps.metadata.outputs.update-type == 'version-update:semver-minor' |
| 27 | + env: |
| 28 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 29 | + UPDATE_TYPE: ${{ steps.metadata.outputs.update-type }} |
| 30 | + DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }} |
| 31 | + PREVIOUS_VERSION: ${{ steps.metadata.outputs.previous-version }} |
| 32 | + NEW_VERSION: ${{ steps.metadata.outputs.new-version }} |
| 33 | + PR_NUMBER: ${{ github.event.pull_request.number }} |
| 34 | + REPOSITORY: ${{ github.repository }} |
| 35 | + run: | |
| 36 | + set -euo pipefail |
| 37 | + echo "Enabling auto-merge for ${UPDATE_TYPE} update" |
| 38 | + echo "Dependency: ${DEPENDENCY_NAMES}" |
| 39 | +
|
| 40 | + PR_NODE_ID=$(curl -s \ |
| 41 | + -H "Accept: application/vnd.github+json" \ |
| 42 | + -H "Authorization: Bearer ${GH_TOKEN}" \ |
| 43 | + "https://api.github.com/repos/${REPOSITORY}/pulls/${PR_NUMBER}" \ |
| 44 | + | jq -r '.node_id') |
| 45 | +
|
| 46 | + if [[ -z "${PR_NODE_ID}" || "${PR_NODE_ID}" == "null" ]]; then |
| 47 | + echo "automerge-enabled=false" >> "${GITHUB_OUTPUT}" |
| 48 | + echo "❌ Failed to fetch PR node ID" |
| 49 | + exit 1 |
| 50 | + fi |
| 51 | +
|
| 52 | + response=$(curl -s -w "%{http_code}" -o /tmp/response.json \ |
| 53 | + -X POST \ |
| 54 | + -H "Accept: application/vnd.github+json" \ |
| 55 | + -H "Authorization: Bearer ${GH_TOKEN}" \ |
| 56 | + "https://api.github.com/graphql" \ |
| 57 | + -d "{\"query\":\"mutation { enablePullRequestAutoMerge(input: { pullRequestId: \\\"${PR_NODE_ID}\\\", mergeMethod: SQUASH }) { pullRequest { autoMergeRequest { enabledAt } } } }\"}") |
| 58 | +
|
| 59 | + if [[ "${response}" == "200" ]] && \ |
| 60 | + jq -e '.errors == null and .data.enablePullRequestAutoMerge.pullRequest.autoMergeRequest.enabledAt != null' /tmp/response.json >/dev/null; then |
| 61 | + echo "automerge-enabled=true" >> "${GITHUB_OUTPUT}" |
| 62 | + echo "✅ Auto-merge enabled successfully via GraphQL" |
| 63 | + cat /tmp/response.json |
| 64 | + else |
| 65 | + echo "automerge-enabled=false" >> "${GITHUB_OUTPUT}" |
| 66 | + echo "❌ Failed to enable auto-merge. HTTP status: ${response}" |
| 67 | + cat /tmp/response.json |
| 68 | + echo "::warning::Could not enable auto-merge; manual review required." |
| 69 | + jq -n \ |
| 70 | + --arg body "🤖 **Dependabot Auto-Merge Status** |
| 71 | +
|
| 72 | + This PR meets the criteria for auto-merge but could not be automatically merged. |
| 73 | +
|
| 74 | + - Update type: ${UPDATE_TYPE} |
| 75 | + - Dependencies: ${DEPENDENCY_NAMES} |
| 76 | + - Previous version: ${PREVIOUS_VERSION} |
| 77 | + - New version: ${NEW_VERSION}" \ |
| 78 | + '{body: $body}' > /tmp/comment-body.json |
| 79 | + comment_status=$(curl -s -w "%{http_code}" -o /tmp/comment.json \ |
| 80 | + -X POST \ |
| 81 | + -H "Accept: application/vnd.github+json" \ |
| 82 | + -H "Authorization: Bearer ${GH_TOKEN}" \ |
| 83 | + "https://api.github.com/repos/${REPOSITORY}/issues/${PR_NUMBER}/comments" \ |
| 84 | + -d @/tmp/comment-body.json) |
| 85 | + if [[ "${comment_status}" != "201" ]]; then |
| 86 | + echo "::warning::Failed to post auto-merge status comment (HTTP ${comment_status})" |
| 87 | + cat /tmp/comment.json |
| 88 | + fi |
| 89 | + fi |
| 90 | +
|
| 91 | + - name: Comment on Major Version Updates |
| 92 | + if: | |
| 93 | + github.event.action == 'opened' && |
| 94 | + steps.metadata.outputs.update-type == 'version-update:semver-major' |
| 95 | + env: |
| 96 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 97 | + DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }} |
| 98 | + PREVIOUS_VERSION: ${{ steps.metadata.outputs.previous-version }} |
| 99 | + NEW_VERSION: ${{ steps.metadata.outputs.new-version }} |
| 100 | + PR_NUMBER: ${{ github.event.pull_request.number }} |
| 101 | + REPOSITORY: ${{ github.repository }} |
| 102 | + run: | |
| 103 | + set -euo pipefail |
| 104 | + jq -n \ |
| 105 | + --arg body "🚨 **Major Version Update Detected** 🚨 |
| 106 | +
|
| 107 | + This PR contains a major version update that requires manual review: |
| 108 | + - **Dependency:** ${DEPENDENCY_NAMES} |
| 109 | + - **Previous version:** ${PREVIOUS_VERSION} |
| 110 | + - **New version:** ${NEW_VERSION} |
| 111 | +
|
| 112 | + Auto-merge has been **disabled** for this PR." \ |
| 113 | + '{body: $body}' > /tmp/major-comment-body.json |
| 114 | + comment_status=$(curl -s -w "%{http_code}" -o /tmp/major-comment.json \ |
| 115 | + -X POST \ |
| 116 | + -H "Accept: application/vnd.github+json" \ |
| 117 | + -H "Authorization: Bearer ${GH_TOKEN}" \ |
| 118 | + "https://api.github.com/repos/${REPOSITORY}/issues/${PR_NUMBER}/comments" \ |
| 119 | + -d @/tmp/major-comment-body.json) |
| 120 | + if [[ "${comment_status}" != "201" ]]; then |
| 121 | + echo "::warning::Failed to post major-update comment (HTTP ${comment_status})" |
| 122 | + cat /tmp/major-comment.json |
| 123 | + fi |
| 124 | +
|
| 125 | + - name: Log Auto-Merge Decision |
| 126 | + if: always() |
| 127 | + env: |
| 128 | + UPDATE_TYPE: ${{ steps.metadata.outputs.update-type }} |
| 129 | + DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }} |
| 130 | + AUTOMERGE_ENABLED: ${{ steps.enable-automerge.outputs.automerge-enabled }} |
| 131 | + run: | |
| 132 | + echo "Auto-merge decision for PR #${{ github.event.pull_request.number }}:" |
| 133 | + echo "- Update type: ${UPDATE_TYPE}" |
| 134 | + echo "- Dependency: ${DEPENDENCY_NAMES}" |
| 135 | + case "${UPDATE_TYPE}" in |
| 136 | + version-update:semver-patch|version-update:semver-minor) |
| 137 | + if [[ "${AUTOMERGE_ENABLED}" == "true" ]]; then |
| 138 | + echo "✅ Auto-merge ENABLED" |
| 139 | + else |
| 140 | + echo "❌ Auto-merge NOT enabled (mutation failed or step skipped)" |
| 141 | + fi |
| 142 | + ;; |
| 143 | + version-update:semver-major) |
| 144 | + echo "❌ Auto-merge DISABLED: major version update" |
| 145 | + ;; |
| 146 | + *) |
| 147 | + echo "❌ Auto-merge DISABLED: unknown update type" |
| 148 | + ;; |
| 149 | + esac |
0 commit comments