[CI] Add auto approval/merge for helm weekly release #15857
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Auto-merge as documented in official Github docs | |
| # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions | |
| name: Auto-review Dependabot PRs | |
| on: pull_request_target | |
| permissions: | |
| pull-requests: write | |
| contents: write | |
| jobs: | |
| dependabot-reviewer: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} || ${{ github.event.pull_request.user.login == 'grafanabot' }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Dependabot metadata | |
| id: metadata | |
| uses: dependabot/fetch-metadata@v2.2.0 | |
| with: | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Check allowlist | |
| id: check-allowlist | |
| if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' | |
| run: | | |
| cfg_path=".github/workflows/allowlist.json" | |
| IFS=', ' read -r -a libsUpdated <<< "${{ steps.metadata.outputs.dependency-names }}" | |
| # Loop through the array to make sure all updated libraries are in the allowlist | |
| all_in_allowlist="true" | |
| reason_array=() | |
| # If any element is not in the allowlist, set the flag to false | |
| for lib in "${libsUpdated[@]}"; do | |
| exists=$(jq --arg lib "$lib" 'any(.[]; .name == $lib)' $cfg_path) | |
| if [[ "$exists" != "true" ]]; then | |
| all_in_allowlist="false" | |
| break | |
| else | |
| reason_array+=("$(jq -r --arg lib "$lib" '.[] | select(.name == $lib) | .reason' $cfg_path)") | |
| fi | |
| done | |
| if [[ "$all_in_allowlist" == "true" ]]; then | |
| reasons=$(IFS=','; echo "${reason_array[*]}") | |
| echo "reasons=$reasons" >> $GITHUB_OUTPUT | |
| echo "allInAllowlist=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "allInAllowlist=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Helm Weekly release | |
| id: helm-weekly-release | |
| if : contains(github.ref, 'helm-chart-weekly-') | |
| run: echo "isHelmRelease=true" >> $GITHUB_OUTPUT | |
| - name: Approve and auto-merge | |
| if: steps.check-allowlist.conclusion == 'success' && steps.check-allowlist.outputs.allInAllowlist == 'true' || (steps.helm-weekly-release.conclusion == 'success' && steps.helm-weekly-release.outputs.isHelmRelease == 'true') | |
| run: | | |
| gh pr merge --auto --squash "$PR_URL" | |
| gh pr review $PR_URL \ | |
| --approve -b "**I'm approving** this pull request, since it is a helm release or all libraries are in the allowlist." | |
| env: | |
| PR_URL: ${{github.event.pull_request.html_url}} | |
| GITHUB_TOKEN: ${{secrets.GH_BOT_ACCESS_TOKEN}} | |
| - name: Manual review is required | |
| if: steps.helm-weekly-release.conclusion == 'skip' && (steps.check-allowlist.conclusion != 'success' || steps.check-allowlist.outputs.allInAllowlist == 'false') | |
| run: | | |
| gh pr comment $PR_URL --body "**This library is not auto-approved** | |
| Unfortunately, this library is a major version update or it is not included in our allowlist, which means it cannot be auto-approved. \ | |
| If you believe it should be considered for auto-approval, please open a pull request to add \ | |
| it to the allowlist configuration. | |
| To add this library to the allowlist, please modify the [allowlist.json](https://github.com/grafana/mimir/tree/main/.github/workflows/allowlist.json) file and \ | |
| include the necessary details for review." | |
| env: | |
| PR_URL: ${{github.event.pull_request.html_url}} | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} |