From 4b1a953c6e9c35eff403fe357e6c48be3c5270b8 Mon Sep 17 00:00:00 2001 From: Kuisong Tong Date: Sun, 21 May 2023 09:02:46 -0700 Subject: [PATCH] automate dependent bot (#38) --- .github/workflows/changelog.yml | 2 -- .github/workflows/dependabot.yml | 33 ++++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/dependabot.yml diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml index 5a10796c..b6f12f35 100644 --- a/.github/workflows/changelog.yml +++ b/.github/workflows/changelog.yml @@ -19,5 +19,3 @@ jobs: steps: - uses: actions/checkout@v3 - uses: dangoslen/changelog-enforcer@v3 - with: - skipLabels: Skip-Changelog,dependencies diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml new file mode 100644 index 00000000..205e34a4 --- /dev/null +++ b/.github/workflows/dependabot.yml @@ -0,0 +1,33 @@ +name: Dependabot +on: pull_request + +permissions: + contents: write + pull-requests: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v1 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Add a label for all production dependencies + if: ${{ steps.metadata.outputs.dependency-type == 'direct:production' }} + run: gh pr edit "$PR_URL" --add-label "Skip-Changelog" + env: + PR_URL: ${{github.event.pull_request.html_url}} + - name: Approve a PR + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + - name: Enable auto-merge for Dependabot PRs + if: ${{contains(steps.metadata.outputs.dependency-names, 'my-dependency') && steps.metadata.outputs.update-type == 'version-update:semver-patch'}} + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}