chore: make sure auto-approve and automerge work for Dependabot (#106)

Signed-off-by: team-tf-cdk <[email protected]> Co-authored-by: team-tf-cdk <[email protected]>
cdktf · Oct 19, 2023 · 071d1dc · 071d1dc
1 parent 6d46703
commit 071d1dc
Show file tree

Hide file tree

Showing 11 changed files with 47 additions and 34 deletions.
diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
diff --git a/.github/workflows/pull-request-lint.yml b/.github/workflows/pull-request-lint.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
diff --git a/.github/workflows/upgrade-cdktf.yml b/.github/workflows/upgrade-cdktf.yml
diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml
diff --git a/.npmignore b/.npmignore
diff --git a/.projenrc.ts b/.projenrc.ts
@@ -13,13 +13,14 @@ import { UpgradeCDKTF } from "./projenrc/upgrade-cdktf";
 const name = "projen-cdktf-hybrid-construct";
 
 const githubActionPinnedVersions = {
-  "actions/checkout": "c85c95e3d7251135ab7dc9ce3241c5835cc595a9", // v3.5.3
+  "actions/checkout": "8ade135a41bc03ea155e62e844d188df1ea18608", // v4.1.0
   "actions/download-artifact": "9bc31d5ccc31df68ecc42ccf4149144866c47d8a", // v3.0.2
-  "actions/setup-node": "64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c", // v3.6.0
-  "actions/upload-artifact": "0b7f8abb1508181956e8e162db84b466c27e18ce", // v3.1.2
+  "actions/github-script": "d7906e4ad0b1822421a7e6a35d5ca353c962f410", // v6.4.1
+  "actions/setup-node": "5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d", // v3.8.1
+  "actions/upload-artifact": "a8a3f3ad30e3422c9c7b888a15615d19a852ae32", // v3.1.3
   "amannn/action-semantic-pull-request":
-    "c3cd5d1ea3580753008872425915e343e351ab54", // v5.2.0
-  "peter-evans/create-pull-request": "284f54f989303d2699d373481a0cfa13ad5a6666", // v5.0.1
+    "47b15d52c5c30e94a17ec87eb8dd51ff5221fed9", // v5.3.0
+  "peter-evans/create-pull-request": "153407881ec5c347639a548ade7d8ad1d6740e38", // v5.0.2
 };
 
 const project = new JsiiProject({
@@ -75,8 +76,6 @@ new AutoApprove(project);
 new Automerge(project);
 new UpgradeCDKTF(project);
 
-project.addPackageIgnore("examples");
-
 project.addTask("buildExample", {
   exec: "yarn buildExample:hybrid && yarn buildExample:terraform",
 });
@@ -107,6 +106,12 @@ upgradeTask.exec("yarn projen upgrade:terraform");
 
 project.testTask.exec("yarn buildExample");
 
+project.addPackageIgnore("scripts");
+project.addPackageIgnore("examples");
+project.addPackageIgnore("projenrc");
+project.addPackageIgnore("/.projenrc.ts");
+
+project.addPackageIgnore(".copywrite.hcl");
 // Run copywrite tool to add copyright headers to all files
 project.buildWorkflow?.addPostBuildSteps(
   {

diff --git a/projenrc/auto-approve.ts b/projenrc/auto-approve.ts
@@ -16,11 +16,12 @@ export class AutoApprove {
     if (!workflow) throw new Error("no workflow defined");
 
     workflow.on({
-      pullRequest: {
+      pullRequestTarget: {
         types: ["opened", "labeled", "ready_for_review", "reopened"],
       },
     });
 
+    const maintainerStatuses = `fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]')`;
     workflow.addJobs({
       approve: {
         runsOn: ["ubuntu-latest"],
@@ -37,7 +38,7 @@ export class AutoApprove {
           },
           {
             name: "Auto-approve PRs by other users as team-tf-cdk",
-            if: "github.event.pull_request.user.login != 'team-tf-cdk'",
+            if: `github.event.pull_request.user.login != 'team-tf-cdk' && (contains(${maintainerStatuses}, github.event.pull_request.author_association) || github.actor == 'dependabot[bot])`,
             run: "gh pr review ${{ github.event.pull_request.number }} --approve",
             env: {
               GH_TOKEN: "${{ secrets.PROJEN_GITHUB_TOKEN }}",

diff --git a/projenrc/automerge.ts b/projenrc/automerge.ts
@@ -7,7 +7,7 @@ import { javascript } from "projen";
 import { JobPermission } from "projen/lib/github/workflows-model";
 
 /**
- * Merges PRs with the "automerge" label
+ * Enables GitHub's built-in automerge for PRs with the "automerge" label
  */
 export class Automerge {
   constructor(project: javascript.NodeProject) {
@@ -16,7 +16,7 @@ export class Automerge {
     if (!workflow) throw new Error("no workflow defined");
 
     workflow.on({
-      pullRequest: {
+      pullRequestTarget: {
         types: [
           "opened",
           "labeled",
@@ -29,6 +29,7 @@ export class Automerge {
 
     (workflow.concurrency as any) = "${{ github.workflow }}-${{ github.ref }}";
 
+    const maintainerStatuses = `fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]')`;
     workflow.addJobs({
       automerge: {
         runsOn: ["ubuntu-latest"],
@@ -39,7 +40,8 @@ export class Automerge {
             uses: "actions/checkout@v3",
           },
           {
-            name: "Turn on automerge for this PR",
+            name: "Turn on automerge for this PR by a trusted user or bot",
+            if: `github.event.pull_request.user.login == 'team-tf-cdk' || contains(${maintainerStatuses}, github.event.pull_request.author_association) || github.actor == 'dependabot[bot]`,
             run: "gh pr merge --auto --squash ${{ github.event.pull_request.number }}",
             env: {
               GH_TOKEN: "${{ secrets.PROJEN_GITHUB_TOKEN }}",