
Commit 60e96e9

committed
ROSA-745: align osdctl Dependabot + GHA auto-merge (draft)
1 parent 352492e commit 60e96e9

2 files changed

Lines changed: 153 additions & 2 deletions


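--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,11 +1,13 @@
 version: 2
 updates:
-- package-ecosystem: 'gomod'
+- package-ecosystem: gomod
 directory: '/'
 labels:
+- "area/dependency"
 - "ok-to-test"
 allow:
 - dependency-name: "github.com/openshift/osd-network-verifier"
 - dependency-name: "github.com/openshift/backplane-cli"
 schedule:
-interval: 'daily'
+interval: 'weekly'
+open-pull-requests-limit: 10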
Lines changed: 149 additions & 0 deletions
@@ -0,0 +1,149 @@
1+
name: Dependabot Auto-Merge
2+
3+
on:
4+
pull_request:
5+
types: [opened, synchronize, reopened, ready_for_review]
6+
7+
permissions:
8+
contents: write
9+
pull-requests: write
10+
11+
jobs:
12+
auto-merge:
13+
runs-on: ubuntu-latest
14+
if: |
15+
github.event.pull_request.user.login == 'dependabot[bot]' &&
16+
github.event.pull_request.head.repo.full_name == github.repository
17+
steps:
18+
- name: Fetch Dependabot Metadata
19+
id: metadata
20+
uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2
21+
22+
- name: Enable Auto-Merge for Safe Updates
23+
id: enable-automerge
24+
if: |
25+
steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
26+
steps.metadata.outputs.update-type == 'version-update:semver-minor'
27+
env:
28+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
29+
UPDATE_TYPE: ${{ steps.metadata.outputs.update-type }}
30+
DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }}
31+
PREVIOUS_VERSION: ${{ steps.metadata.outputs.previous-version }}
32+
NEW_VERSION: ${{ steps.metadata.outputs.new-version }}
33+
PR_NUMBER: ${{ github.event.pull_request.number }}
34+
REPOSITORY: ${{ github.repository }}
35+
run: |
36+
set -euo pipefail
37+
echo "Enabling auto-merge for ${UPDATE_TYPE} update"
38+
echo "Dependency: ${DEPENDENCY_NAMES}"
39+
40+
PR_NODE_ID=$(curl -s \
41+
-H "Accept: application/vnd.github+json" \
42+
-H "Authorization: Bearer ${GH_TOKEN}" \
43+
"https://api.github.com/repos/${REPOSITORY}/pulls/${PR_NUMBER}" \
44+
| jq -r '.node_id')
45+
46+
if [[ -z "${PR_NODE_ID}" || "${PR_NODE_ID}" == "null" ]]; then
47+
echo "automerge-enabled=false" >> "${GITHUB_OUTPUT}"
48+
echo "❌ Failed to fetch PR node ID"
49+
exit 1
50+
fi
51+
52+
response=$(curl -s -w "%{http_code}" -o /tmp/response.json \
53+
-X POST \
54+
-H "Accept: application/vnd.github+json" \
55+
-H "Authorization: Bearer ${GH_TOKEN}" \
56+
"https://api.github.com/graphql" \
57+
-d "{\"query\":\"mutation { enablePullRequestAutoMerge(input: { pullRequestId: \\\"${PR_NODE_ID}\\\", mergeMethod: SQUASH }) { pullRequest { autoMergeRequest { enabledAt } } } }\"}")
58+
59+
if [[ "${response}" == "200" ]] && \
60+
jq -e '.errors == null and .data.enablePullRequestAutoMerge.pullRequest.autoMergeRequest.enabledAt != null' /tmp/response.json >/dev/null; then
61+
echo "automerge-enabled=true" >> "${GITHUB_OUTPUT}"
62+
echo "✅ Auto-merge enabled successfully via GraphQL"
63+
cat /tmp/response.json
64+
else
65+
echo "automerge-enabled=false" >> "${GITHUB_OUTPUT}"
66+
echo "❌ Failed to enable auto-merge. HTTP status: ${response}"
67+
cat /tmp/response.json
68+
echo "::warning::Could not enable auto-merge; manual review required."
69+
jq -n \
70+
--arg body "🤖 **Dependabot Auto-Merge Status**
71+
72+
This PR meets the criteria for auto-merge but could not be automatically merged.
73+
74+
- Update type: ${UPDATE_TYPE}
75+
- Dependencies: ${DEPENDENCY_NAMES}
76+
- Previous version: ${PREVIOUS_VERSION}
77+
- New version: ${NEW_VERSION}" \
78+
'{body: $body}' > /tmp/comment-body.json
79+
comment_status=$(curl -s -w "%{http_code}" -o /tmp/comment.json \
80+
-X POST \
81+
-H "Accept: application/vnd.github+json" \
82+
-H "Authorization: Bearer ${GH_TOKEN}" \
83+
"https://api.github.com/repos/${REPOSITORY}/issues/${PR_NUMBER}/comments" \
84+
-d @/tmp/comment-body.json)
85+
if [[ "${comment_status}" != "201" ]]; then
86+
echo "::warning::Failed to post auto-merge status comment (HTTP ${comment_status})"
87+
cat /tmp/comment.json
88+
fi
89+
fi
90+
91+
- name: Comment on Major Version Updates
92+
if: |
93+
github.event.action == 'opened' &&
94+
steps.metadata.outputs.update-type == 'version-update:semver-major'
95+
env:
96+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
97+
DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }}
98+
PREVIOUS_VERSION: ${{ steps.metadata.outputs.previous-version }}
99+
NEW_VERSION: ${{ steps.metadata.outputs.new-version }}
100+
PR_NUMBER: ${{ github.event.pull_request.number }}
101+
REPOSITORY: ${{ github.repository }}
102+
run: |
103+
set -euo pipefail
104+
jq -n \
105+
--arg body "🚨 **Major Version Update Detected** 🚨
106+
107+
This PR contains a major version update that requires manual review:
108+
- **Dependency:** ${DEPENDENCY_NAMES}
109+
- **Previous version:** ${PREVIOUS_VERSION}
110+
- **New version:** ${NEW_VERSION}
111+
112+
Auto-merge has been **disabled** for this PR." \
113+
'{body: $body}' > /tmp/major-comment-body.json
114+
comment_status=$(curl -s -w "%{http_code}" -o /tmp/major-comment.json \
115+
-X POST \
116+
-H "Accept: application/vnd.github+json" \
117+
-H "Authorization: Bearer ${GH_TOKEN}" \
118+
"https://api.github.com/repos/${REPOSITORY}/issues/${PR_NUMBER}/comments" \
119+
-d @/tmp/major-comment-body.json)
120+
if [[ "${comment_status}" != "201" ]]; then
121+
echo "::warning::Failed to post major-update comment (HTTP ${comment_status})"
122+
cat /tmp/major-comment.json
123+
fi
124+
125+
- name: Log Auto-Merge Decision
126+
if: always()
127+
env:
128+
UPDATE_TYPE: ${{ steps.metadata.outputs.update-type }}
129+
DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }}
130+
AUTOMERGE_ENABLED: ${{ steps.enable-automerge.outputs.automerge-enabled }}
131+
run: |
132+
echo "Auto-merge decision for PR #${{ github.event.pull_request.number }}:"
133+
echo "- Update type: ${UPDATE_TYPE}"
134+
echo "- Dependency: ${DEPENDENCY_NAMES}"
135+
case "${UPDATE_TYPE}" in
136+
version-update:semver-patch|version-update:semver-minor)
137+
if [[ "${AUTOMERGE_ENABLED}" == "true" ]]; then
138+
echo "✅ Auto-merge ENABLED"
139+
else
140+
echo "❌ Auto-merge NOT enabled (mutation failed or step skipped)"
141+
fi
142+
;;
143+
version-update:semver-major)
144+
echo "❌ Auto-merge DISABLED: major version update"
145+
;;
146+
*)
147+
echo "❌ Auto-merge DISABLED: unknown update type"
148+
;;
149+
esac
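Review bot: Nothing in this workflow ever turns auto-merge off, although the major-update comment says "Auto-merge has been **disabled** for this PR." and the final log step prints "Auto-merge DISABLED". The enable step is simply skipped for `version-update:semver-major`, so on a `synchronize` event for a PR that had auto-merge enabled on an earlier run the request stays armed, and a bump that has since become major would still squash-merge once the required checks pass. I would add a step that runs for every update type other than patch/minor and clears any pending auto-merge request, and reword the comment to say that auto-merge was not enabled. Because the job holds `contents: write` and the only remaining gate is the target branch's required checks, which are not visible in this commit, confirm that branch protection is in place before this leaves draft.

```yaml
      # … unchanged: "Enable Auto-Merge for Safe Updates" step …

      - name: Disable Auto-Merge for Non-Safe Updates
        if: |
          steps.metadata.outputs.update-type != 'version-update:semver-patch' &&
          steps.metadata.outputs.update-type != 'version-update:semver-minor'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          REPOSITORY: ${{ github.repository }}
        run: |
          set -euo pipefail
          # Clear an auto-merge request armed by an earlier run; the call may
          # return an error when none exists, so report it instead of failing.
          gh pr merge "${PR_NUMBER}" --repo "${REPOSITORY}" --disable-auto \
            || echo "::notice::No auto-merge request to disable (or the call failed)"
```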
