From 60e96e9c700f2db87ea5510b279b384305bb2ab3 Mon Sep 17 00:00:00 2001 From: MitaliBhalla Date: Mon, 29 Jun 2026 12:32:14 +0530 Subject: [PATCH] ROSA-745: align osdctl Dependabot + GHA auto-merge (draft) --- .github/dependabot.yml | 6 +- .github/workflows/dependabot-auto-merge.yml | 149 ++++++++++++++++++++ 2 files changed, 153 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/dependabot-auto-merge.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 277054c90..f9d179191 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,11 +1,13 @@ version: 2 updates: - - package-ecosystem: 'gomod' + - package-ecosystem: gomod directory: '/' labels: + - "area/dependency" - "ok-to-test" allow: - dependency-name: "github.com/openshift/osd-network-verifier" - dependency-name: "github.com/openshift/backplane-cli" schedule: - interval: 'daily' + interval: 'weekly' + open-pull-requests-limit: 10 diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 000000000..245da92a6 --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yml 
@@ -0,0 +1,149 @@
+name: Dependabot Auto-Merge
+
+on:
+ pull_request:
+ types: [opened, synchronize, reopened, ready_for_review]
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ auto-merge:
+ runs-on: ubuntu-latest
+ if: |
+ github.event.pull_request.user.login == 'dependabot[bot]' &&
+ github.event.pull_request.head.repo.full_name == github.repository
+ steps:
+ - name: Fetch Dependabot Metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2
+
+ - name: Enable Auto-Merge for Safe Updates
+ id: enable-automerge
+ if: |
+ steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
+ steps.metadata.outputs.update-type == 'version-update:semver-minor'
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ UPDATE_TYPE: ${{ steps.metadata.outputs.update-type }}
+ DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }}
+ PREVIOUS_VERSION: ${{ steps.metadata.outputs.previous-version }}
+ NEW_VERSION: ${{ steps.metadata.outputs.new-version }}
+ PR_NUMBER: ${{ github.event.pull_request.number }}
+ REPOSITORY: ${{ github.repository }}
+ run: |
+ set -euo pipefail
+ echo "Enabling auto-merge for ${UPDATE_TYPE} update"
+ echo "Dependency: ${DEPENDENCY_NAMES}"
+
+ PR_NODE_ID=$(curl -s \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: Bearer ${GH_TOKEN}" \
+ "https://api.github.com/repos/${REPOSITORY}/pulls/${PR_NUMBER}" \
+ | jq -r '.node_id')
+
+ if [[ -z "${PR_NODE_ID}" || "${PR_NODE_ID}" == "null" ]]; then
+ echo "automerge-enabled=false" >> "${GITHUB_OUTPUT}"
+ echo "❌ Failed to fetch PR node ID"
+ exit 1
+ fi
+
+ response=$(curl -s -w "%{http_code}" -o /tmp/response.json \
+ -X POST \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: Bearer ${GH_TOKEN}" \
+ "https://api.github.com/graphql" \
+ -d "{\"query\":\"mutation { enablePullRequestAutoMerge(input: { pullRequestId: \\\"${PR_NODE_ID}\\\", mergeMethod: SQUASH }) { pullRequest { autoMergeRequest { enabledAt } } } }\"}")
+
+ if [[ "${response}" == "200" ]] && \
+ jq -e '.errors == null and .data.enablePullRequestAutoMerge.pullRequest.autoMergeRequest.enabledAt != null' /tmp/response.json >/dev/null; then
+ echo "automerge-enabled=true" >> "${GITHUB_OUTPUT}"
+ echo "✅ Auto-merge enabled successfully via GraphQL"
+ cat /tmp/response.json
+ else
+ echo "automerge-enabled=false" >> "${GITHUB_OUTPUT}"
+ echo "❌ Failed to enable auto-merge. HTTP status: ${response}"
+ cat /tmp/response.json
+ echo "::warning::Could not enable auto-merge; manual review required."
+ jq -n \
+ --arg body "🤖 **Dependabot Auto-Merge Status**
+
+ This PR meets the criteria for auto-merge but could not be automatically merged.
+
+ - Update type: ${UPDATE_TYPE}
+ - Dependencies: ${DEPENDENCY_NAMES}
+ - Previous version: ${PREVIOUS_VERSION}
+ - New version: ${NEW_VERSION}" \
+ '{body: $body}' > /tmp/comment-body.json
+ comment_status=$(curl -s -w "%{http_code}" -o /tmp/comment.json \
+ -X POST \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: Bearer ${GH_TOKEN}" \
+ "https://api.github.com/repos/${REPOSITORY}/issues/${PR_NUMBER}/comments" \
+ -d @/tmp/comment-body.json)
+ if [[ "${comment_status}" != "201" ]]; then
+ echo "::warning::Failed to post auto-merge status comment (HTTP ${comment_status})"
+ cat /tmp/comment.json
+ fi
+ fi
+
+ - name: Comment on Major Version Updates
+ if: |
+ github.event.action == 'opened' &&
+ steps.metadata.outputs.update-type == 'version-update:semver-major'
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }}
+ PREVIOUS_VERSION: ${{ steps.metadata.outputs.previous-version }}
+ NEW_VERSION: ${{ steps.metadata.outputs.new-version }}
+ PR_NUMBER: ${{ github.event.pull_request.number }}
+ REPOSITORY: ${{ github.repository }}
+ run: |
+ set -euo pipefail
+ jq -n \
+ --arg body "🚨 **Major Version Update Detected** 🚨
+
+ This PR contains a major version update that requires manual review:
+ - **Dependency:** ${DEPENDENCY_NAMES}
+ - **Previous version:** ${PREVIOUS_VERSION}
+ - **New version:** ${NEW_VERSION}
+
+ Auto-merge has been **disabled** for this PR." \
+ '{body: $body}' > /tmp/major-comment-body.json
+ comment_status=$(curl -s -w "%{http_code}" -o /tmp/major-comment.json \
+ -X POST \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: Bearer ${GH_TOKEN}" \
+ "https://api.github.com/repos/${REPOSITORY}/issues/${PR_NUMBER}/comments" \
+ -d @/tmp/major-comment-body.json)
+ if [[ "${comment_status}" != "201" ]]; then
+ echo "::warning::Failed to post major-update comment (HTTP ${comment_status})"
+ cat /tmp/major-comment.json
+ fi
+
+ - name: Log Auto-Merge Decision
+ if: always()
+ env:
+ UPDATE_TYPE: ${{ steps.metadata.outputs.update-type }}
+ DEPENDENCY_NAMES: ${{ steps.metadata.outputs.dependency-names }}
+ AUTOMERGE_ENABLED: ${{ steps.enable-automerge.outputs.automerge-enabled }}
+ run: |
+ echo "Auto-merge decision for PR #${{ github.event.pull_request.number }}:"
+ echo "- Update type: ${UPDATE_TYPE}"
+ echo "- Dependency: ${DEPENDENCY_NAMES}"
+ case "${UPDATE_TYPE}" in
+ version-update:semver-patch|version-update:semver-minor)
+ if [[ "${AUTOMERGE_ENABLED}" == "true" ]]; then
+ echo "✅ Auto-merge ENABLED"
+ else
+ echo "❌ Auto-merge NOT enabled (mutation failed or step skipped)"
+ fi
+ ;;
+ version-update:semver-major)
+ echo "❌ Auto-merge DISABLED: major version update"
+ ;;
+ *)
+ echo "❌ Auto-merge DISABLED: unknown update type"
+ ;;
+ esac
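Review bot: The job-level `if:` tests only `github.event.pull_request.user.login`, which names the account that opened the PR, while the trigger also fires on `synchronize`; a later push to the Dependabot branch by anyone with write access would, as far as this file shows, still reach the enable step with `contents: write`, and the update type would presumably still come from Dependabot's original metadata rather than from what was pushed. Adding `github.actor == 'dependabot[bot]' &&` to that condition would restrict the step to runs Dependabot itself triggered. The real merge gate is the branch protection on the base branch, which this commit does not show, so it is worth confirming that required status checks (and review, if that is intended for `semver-minor`) are enforced there before relying on this workflow. A smaller point: the node ID is already in the event payload as `github.event.pull_request.node_id`, so passing it through `env:` would remove the first `curl` call and its failure path.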