security-pr-auto-release.yml

# 自动合并dependabot相关PR

name: Auto Merge Dependabot PR

on:
  pull_request:
    branches: [ master ]

jobs:
  # 合并PR
  merge-pr:
    name: 合并PR
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      - name: 判断是否为依赖机器人
        if: ${{ GITHUB_ACTOR	=== 'dependabot' }}
        uses: actions/checkout@master
      - name: 合并依赖分支
        run: git pull
        run: git merge ${{ GITHUB_REF }}
  testing: 
    name: 执行单测
    needs: [merge-pr]
    runs-on: ubuntu-latest
    steps: 
      - name: 更新依赖
        run: npm install
      - name: 执行单元测试
        run: npm run test
  bump-version:
    name: '更新版本'
    needs: [merge-pr, testing]
    runs-on: ubuntu-latest
    steps: 
      - name: 更新package.json的版本号
        run: npm version patch
  release:
    needs: [bump-version]
    runs-on: ubuntu-latest
    steps:
      - run: npm run changelog
      - run: npm version patch
      - run: git add .
      - run: git commit -m "release"
      - run: git push
      - run: npm publish