auto-merge-dependabot.yml
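name: Automatically Update Dependencies

# `pull_request_target` runs in the scope of the *destination* (base) branch and
# is granted access to repository secrets. Only the `labeled` activity type is
# handled, so every job below is re-evaluated each time a label is added.
on:
  pull_request_target:
    types: [labeled]

jobs:
  # Explicitly check out & run a local version of this action.
  # Note: This is *not* a recommended practice, and is only done here to dogfood the action.
  # Please avoid running this action in a workflow which checks out code.
  auto-merge-dependency-updates:
    name: Enable auto-merge for Dependabot PRs
    runs-on: ubuntu-latest
    # Least privilege for the implicit GITHUB_TOKEN: this job only needs to read the
    # repository for the checkout; the action step is given its own dedicated secret.
    permissions:
      contents: read
    # Specifically check the creator of the pull-request, not the actor.
    # The PR must also carry the 'dependencies' label.
    if: github.event.pull_request.user.login == 'dependabot[bot]' && contains(github.event.pull_request.labels.*.name, 'dependencies')
    steps:
      - name: Checkout
        # NOTE(review): `@master` is a mutable branch reference, and this job holds a
        # secret. Pin to a full commit SHA, as is done for the auto-approve action below.
        uses: actions/checkout@master
        with:
          fetch-depth: 1
          # No `ref` is set on purpose: under `pull_request_target` the default checkout
          # is the base branch, so `./` below is the repository's own code. Do not add a
          # `ref` pointing at the pull request head; that would run PR-controlled code
          # with access to the secret.
          # The next step receives its token explicitly, so the checkout token is not
          # left in the local git config.
          persist-credentials: false
      - id: enable-automerge
        name: Enable Github Automerge
        uses: ./
        with:
          github-token: "${{ secrets.ENABLE_AUTOMERGE_ACTION_TOKEN }}"

  # Reference hmarr/auto-approve-action by commit SHA as it is an immutable reference to a
  # known, "trusted" version of this 3rd party code.
  # Note: This is a separate job to explicitly *not* check out local code.
  auto-approve-dependency-updates:
    name: Approve dependabot PRs
    runs-on: ubuntu-latest
    # Runs only after auto-merge has been enabled by the job above.
    needs: auto-merge-dependency-updates
    # The approval is submitted with GITHUB_TOKEN; grant it only the pull-request scope.
    permissions:
      pull-requests: write
    # Specifically check the creator of the pull-request, not the actor.
    if: github.event.pull_request.user.login == 'dependabot[bot]' && contains(github.event.pull_request.labels.*.name, 'dependencies')
    steps:
      - id: auto-approve-dependabot
        uses: hmarr/auto-approve-action@bca9db08da72b576ae3273e776e7ccf3f0a36e12
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"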