From 55df4b72d12c9951b36a229f5759a081c69c93cb Mon Sep 17 00:00:00 2001 From: Falk Puschner Date: Wed, 1 Nov 2023 13:14:36 +0100 Subject: [PATCH 1/6] :art: Create dependabot automerge action --- .../template_automerge_dependabot.yml | 26 +++++++++++++++++++ README.md | 16 ++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 .github/workflows/template_automerge_dependabot.yml diff --git a/.github/workflows/template_automerge_dependabot.yml b/.github/workflows/template_automerge_dependabot.yml new file mode 100644 index 0000000..eed924f --- /dev/null +++ b/.github/workflows/template_automerge_dependabot.yml @@ -0,0 +1,26 @@ +# see: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request +name: Dependabot Auto-Merge + +on: + workflow_call: + +jobs: + dependabot: + + name: auto-merge + runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' + + steps: + - name: Load dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Enable auto-merge for Dependabot PRs + if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/README.md b/README.md index 8919d29..21b0af0 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,22 @@ jobs: In this section you can find examples of how to use template workflows. For more information, please take a look at the templates. +### Auto-Merge Dependabot + +
+The action can be used to auto-merge a dependabot PR with minor and patch updates. + +```yml +name: Enable Dependabot Auto-Merge + +on: pull_request + +jobs: + automerge: + uses: Staffbase/gha-workflows/.github/workflows/template_automerge_dependabot.yml@v2.8.0 +``` +
+ ### AutoDev
From e7a61e133ac7525398574fd77acd643700a357da Mon Sep 17 00:00:00 2001 From: Falk Puschner Date: Wed, 1 Nov 2023 13:53:37 +0100 Subject: [PATCH 2/6] :memo: Add permissions --- .github/workflows/template_automerge_dependabot.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/template_automerge_dependabot.yml b/.github/workflows/template_automerge_dependabot.yml index eed924f..15e5626 100644 --- a/.github/workflows/template_automerge_dependabot.yml +++ b/.github/workflows/template_automerge_dependabot.yml @@ -4,6 +4,10 @@ name: Dependabot Auto-Merge on: workflow_call: +permissions: + contents: write + pull-requests: write + jobs: dependabot: From 6ea6113e0b04e9c76fe97e35f4273e8c856f99c1 Mon Sep 17 00:00:00 2001 From: Falk Puschner Date: Wed, 1 Nov 2023 14:05:31 +0100 Subject: [PATCH 3/6] :memo: Rename action --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 21b0af0..2aa5b8a 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ name: Enable Dependabot Auto-Merge on: pull_request jobs: - automerge: + dependabot: uses: Staffbase/gha-workflows/.github/workflows/template_automerge_dependabot.yml@v2.8.0 ```
From 8951a9da8be25aa96b62fda82a5d6f599e1b0ff8 Mon Sep 17 00:00:00 2001 From: Falk Puschner Date: Wed, 1 Nov 2023 14:07:24 +0100 Subject: [PATCH 4/6] :art: using explicit ubuntu version --- .github/workflows/template_automerge_dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/template_automerge_dependabot.yml b/.github/workflows/template_automerge_dependabot.yml index 15e5626..0cf154a 100644 --- a/.github/workflows/template_automerge_dependabot.yml +++ b/.github/workflows/template_automerge_dependabot.yml @@ -12,7 +12,7 @@ jobs: dependabot: name: auto-merge - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 if: github.actor == 'dependabot[bot]' steps: From b8a763d15eeffd740f3ba67bd44c5d7397c97938 Mon Sep 17 00:00:00 2001 From: Falk Puschner Date: Thu, 2 Nov 2023 07:33:11 +0100 Subject: [PATCH 5/6] :truck: Move permissions --- .github/workflows/template_automerge_dependabot.yml | 4 ---- README.md | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/template_automerge_dependabot.yml b/.github/workflows/template_automerge_dependabot.yml index 0cf154a..5dffcb4 100644 --- a/.github/workflows/template_automerge_dependabot.yml +++ b/.github/workflows/template_automerge_dependabot.yml @@ -4,10 +4,6 @@ name: Dependabot Auto-Merge on: workflow_call: -permissions: - contents: write - pull-requests: write - jobs: dependabot: diff --git a/README.md b/README.md index 2aa5b8a..03fa7ad 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,10 @@ name: Enable Dependabot Auto-Merge on: pull_request +permissions: + contents: write + pull-requests: write + jobs: dependabot: uses: Staffbase/gha-workflows/.github/workflows/template_automerge_dependabot.yml@v2.8.0 From 167f0b7c298afa4c5d4f14bc24e85aebbf65ff62 Mon Sep 17 00:00:00 2001 From: Falk Puschner Date: Thu, 2 Nov 2023 16:19:11 +0100 Subject: [PATCH 6/6] :memo: Update dependabot must haves --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 03fa7ad..77c06d8 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,8 @@ In this section you can find examples of how to use template workflows. For more
The action can be used to auto-merge a dependabot PR with minor and patch updates. +The action is called by creating a PR. Dependabot must have ownership of the corresponding dependency files in order to be able to merge the PRs. + ```yml name: Enable Dependabot Auto-Merge