
Commit 6d2c9c0

committed
ROSA-745: align osdctl Dependabot + GHA auto-merge (draft)
1 parent 352492e commit 6d2c9c0

2 files changed

Lines changed: 144 additions & 2 deletions


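--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,11 +1,13 @@
 version: 2
 updates:
-- package-ecosystem: 'gomod'
+- package-ecosystem: gomod
 directory: '/'
 labels:
+- "area/dependency"
 - "ok-to-test"
 allow:
 - dependency-name: "github.com/openshift/osd-network-verifier"
 - dependency-name: "github.com/openshift/backplane-cli"
 schedule:
-interval: 'daily'
+interval: 'weekly'
+open-pull-requests-limit: 10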
Lines changed: 140 additions & 0 deletions
@@ -0,0 +1,140 @@
1+
name: Dependabot Auto-Merge
2+
3+
on:
4+
pull_request:
5+
types: [opened, synchronize, reopened, ready_for_review]
6+
7+
permissions:
8+
contents: write
9+
pull-requests: write
10+
11+
jobs:
12+
auto-merge:
13+
runs-on: ubuntu-latest
14+
if: |
15+
github.event.pull_request.user.login == 'dependabot[bot]' &&
16+
github.event.pull_request.head.repo.full_name == github.repository
17+
steps:
18+
- name: Fetch Dependabot Metadata
19+
id: metadata
20+
uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2
21+
22+
- name: Enable Auto-Merge for Safe Updates
23+
id: enable-automerge
24+
if: |
25+
steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
26+
steps.metadata.outputs.update-type == 'version-update:semver-minor' ||
27+
steps.metadata.outputs.update-type == 'version-update:semver-digest'
28+
env:
29+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
30+
UPDATE_TYPE: ${{ steps.metadata.outputs.update-type }}
31+
DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }}
32+
PREVIOUS_VERSION: ${{ steps.metadata.outputs.previous-version }}
33+
NEW_VERSION: ${{ steps.metadata.outputs.new-version }}
34+
PR_NUMBER: ${{ github.event.pull_request.number }}
35+
REPOSITORY: ${{ github.repository }}
36+
run: |
37+
set -euo pipefail
38+
echo "Enabling auto-merge for ${UPDATE_TYPE} update"
39+
echo "Dependency: ${DEPENDENCY_NAMES}"
40+
41+
PR_NODE_ID=$(curl -s \
42+
-H "Accept: application/vnd.github+json" \
43+
-H "Authorization: Bearer ${GH_TOKEN}" \
44+
"https://api.github.com/repos/${REPOSITORY}/pulls/${PR_NUMBER}" \
45+
| jq -r '.node_id')
46+
47+
if [[ -z "${PR_NODE_ID}" || "${PR_NODE_ID}" == "null" ]]; then
48+
echo "automerge-enabled=false" >> "${GITHUB_OUTPUT}"
49+
echo "❌ Failed to fetch PR node ID"
50+
exit 1
51+
fi
52+
53+
response=$(curl -s -w "%{http_code}" -o /tmp/response.json \
54+
-X POST \
55+
-H "Accept: application/vnd.github+json" \
56+
-H "Authorization: Bearer ${GH_TOKEN}" \
57+
"https://api.github.com/graphql" \
58+
-d "{\"query\":\"mutation { enablePullRequestAutoMerge(input: { pullRequestId: \\\"${PR_NODE_ID}\\\", mergeMethod: SQUASH }) { pullRequest { autoMergeRequest { enabledAt } } } }\"}")
59+
60+
if [[ "${response}" == "200" ]] && \
61+
jq -e '.errors == null and .data.enablePullRequestAutoMerge.pullRequest.autoMergeRequest.enabledAt != null' /tmp/response.json >/dev/null; then
62+
echo "automerge-enabled=true" >> "${GITHUB_OUTPUT}"
63+
echo "✅ Auto-merge enabled successfully via GraphQL"
64+
cat /tmp/response.json
65+
else
66+
echo "automerge-enabled=false" >> "${GITHUB_OUTPUT}"
67+
echo "❌ Failed to enable auto-merge. HTTP status: ${response}"
68+
cat /tmp/response.json
69+
echo "::warning::Could not enable auto-merge; manual review required."
70+
jq -n \
71+
--arg body "🤖 **Dependabot Auto-Merge Status**
72+
73+
This PR meets the criteria for auto-merge but could not be automatically merged.
74+
75+
- Update type: ${UPDATE_TYPE}
76+
- Dependencies: ${DEPENDENCY_NAMES}
77+
- Previous version: ${PREVIOUS_VERSION}
78+
- New version: ${NEW_VERSION}" \
79+
'{body: $body}' \
80+
| curl -s -X POST \
81+
-H "Accept: application/vnd.github+json" \
82+
-H "Authorization: Bearer ${GH_TOKEN}" \
83+
"https://api.github.com/repos/${REPOSITORY}/issues/${PR_NUMBER}/comments" \
84+
-d @-
85+
fi
86+
87+
- name: Comment on Major Version Updates
88+
if: |
89+
github.event.action == 'opened' &&
90+
steps.metadata.outputs.update-type == 'version-update:semver-major'
91+
env:
92+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
93+
DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }}
94+
PREVIOUS_VERSION: ${{ steps.metadata.outputs.previous-version }}
95+
NEW_VERSION: ${{ steps.metadata.outputs.new-version }}
96+
PR_NUMBER: ${{ github.event.pull_request.number }}
97+
REPOSITORY: ${{ github.repository }}
98+
run: |
99+
set -euo pipefail
100+
jq -n \
101+
--arg body "🚨 **Major Version Update Detected** 🚨
102+
103+
This PR contains a major version update that requires manual review:
104+
- **Dependency:** ${DEPENDENCY_NAMES}
105+
- **Previous version:** ${PREVIOUS_VERSION}
106+
- **New version:** ${NEW_VERSION}
107+
108+
Auto-merge has been **disabled** for this PR." \
109+
'{body: $body}' \
110+
| curl -s -X POST \
111+
-H "Accept: application/vnd.github+json" \
112+
-H "Authorization: Bearer ${GH_TOKEN}" \
113+
"https://api.github.com/repos/${REPOSITORY}/issues/${PR_NUMBER}/comments" \
114+
-d @-
115+
116+
- name: Log Auto-Merge Decision
117+
if: always()
118+
env:
119+
UPDATE_TYPE: ${{ steps.metadata.outputs.update-type }}
120+
DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }}
121+
AUTOMERGE_ENABLED: ${{ steps.enable-automerge.outputs.automerge-enabled }}
122+
run: |
123+
echo "Auto-merge decision for PR #${{ github.event.pull_request.number }}:"
124+
echo "- Update type: ${UPDATE_TYPE}"
125+
echo "- Dependency: ${DEPENDENCY_NAMES}"
126+
case "${UPDATE_TYPE}" in
127+
version-update:semver-patch|version-update:semver-minor|version-update:semver-digest)
128+
if [[ "${AUTOMERGE_ENABLED}" == "true" ]]; then
129+
echo "✅ Auto-merge ENABLED"
130+
else
131+
echo "❌ Auto-merge NOT enabled (mutation failed or step skipped)"
132+
fi
133+
;;
134+
version-update:semver-major)
135+
echo "❌ Auto-merge DISABLED: major version update"
136+
;;
137+
*)
138+
echo "❌ Auto-merge DISABLED: unknown update type"
139+
;;
140+
esac
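Review bot: The job-level `if` (workflow lines 14–16) checks who opened the PR and where the head branch lives, but not who produced the event, so a `synchronize` run for a commit that did not come from Dependabot still reaches the enable step and re-arms auto-merge on `update-type` alone. How `dependabot/fetch-metadata` treats such a PR, and what branch protection requires before the merge, are not visible on this page, so I would make the gate explicit by adding `github.actor == 'dependabot[bot]' &&` as a third condition. Separately, the last step interpolates `${{ github.event.pull_request.number }}` directly into the script while every other value is passed through `env:`; adding `PR_NUMBER: ${{ github.event.pull_request.number }}` there and echoing `${PR_NUMBER}` keeps the scripts free of inline expressions. The two comment-posting `curl -s` calls also ignore the HTTP status, so a rejected comment passes silently; `curl -s --fail-with-body` would surface it under `set -euo pipefail`.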
