-
-
Notifications
You must be signed in to change notification settings - Fork 0
57 lines (48 loc) · 1.59 KB
/
dependabot-automerge.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
name: Auto-merge Dependabot PR
on:
# Use the `pull_request_target` event instead of `pull_request`,
# the workflow won't have access to secrets when use `pull_request` event
pull_request_target:
jobs:
autoapprove:
runs-on: ubuntu-latest
if: ${{ github.actor == 'dependabot[bot]' }}
permissions:
contents: write
pull-requests: write
steps:
- name: Approve PR
uses: hmarr/auto-approve-action@v4
with:
github-token: ${{ secrets.M31_PAT }}
review-message: 'Auto approved PR'
automerge:
runs-on: ubuntu-latest
if: ${{ github.actor == 'dependabot[bot]' }} # Only if the actor is Dependabot
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout repo
uses: actions/checkout@v4
- name: Fetch Dependabot metadata
id: meta
uses: dependabot/fetch-metadata@v2
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Auto-merge PR
# Auto-merge all Dependabot PRs with patch updates
if: ${{ steps.meta.outputs.update-type == 'version-update:semver-patch' }}
id: automerge
uses: pascalgn/automerge-action@v0.16.3
env:
GITHUB_TOKEN: ${{ secrets.M31_PAT }}
MERGE_METHOD: 'squash'
MERGE_LABELS: ''
MERGE_COMMIT_MESSAGE: 'pull-request-title'
MERGE_RETRIES: 3
- name: Post-merge PR
if: ${{ steps.automerge.outputs.mergeResult == 'merged' }}
run: gh pr comment --body 'Auto merged PR'
env:
GITHUB_TOKEN: ${{ secrets.M31_PAT }}