Update to Dependency Management #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow is triggered when a pull request is opened by Dependabot | |
| # This workflow will use metadata from Dependabot update to update external_dependencies.txt and update the dependency across all the SDKs | |
| # This workflow will auto-approve and merge the pull request if the update is a patch version or minor version update with a compatibility score of 80 or higher. | |
| # NOTE: The auto-approved and merge step is currently disabled. | |
| name: Dependabot Update External Dependencies | |
| on: pull_request | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| issues: write | |
| repository-projects: write | |
| jobs: | |
| dependabot: | |
| runs-on: ubuntu-latest | |
| if: github.event.pull_request.user.login == 'dependabot[bot]' | |
| steps: | |
| - name: Fetch Dependabot metadata | |
| id: dependabot-metadata | |
| uses: dependabot/fetch-metadata@v2 | |
| with: | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| alert-lookup: true | |
| compat-lookup: true | |
| skip-verification: true | |
| skip-commit-verification: true | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.x' | |
| - name: Adjust External Dependencies | |
| run: python eng/versioning/dependabot_update_external_dependencies.py --json '${{steps.dependabot-metadata.outputs.updated-dependencies-json}}' | |
| - name: Commit changes | |
| run: | | |
| git config --global user.name 'github-actions[bot]' | |
| git config --global user.email 'github-actions[bot]@users.noreply.github.com' | |
| if ! git diff --quiet; then | |
| git add . | |
| git commit -m "Update External Dependencies" | |
| git push origin HEAD:${{ github.event.pull_request.head.ref }} | |
| else | |
| echo "No changes to commit" | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # - name: Auto-Approve and Merge Pull Request | |
| # if: ${{ steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || (steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor' && steps.dependabot-metadata.outputs.compatibility-score >= 80)}} | |
| # run: | | |
| # gh pr review --approve "${{ github.event.pull_request.html_url }}" | |
| # gh pr merge "${{ github.event.pull_request.html_url }}" --auto --squash | |
| # env: | |
| # GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |