diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 1f51bd1d..4999fb3e 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -2,15 +2,29 @@ version: 2 updates: - package-ecosystem: github-actions directory: / + target-branch: 'develop' assignees: - ja-fra schedule: interval: weekly + groups: + github-action: + patterns: + - "actions/*" + docker: + patterns: + - "docker/*" - package-ecosystem: maven directory: / + target-branch: 'develop' schedule: interval: daily ignore: - # We want to stay on the v5 of the openapi-generator dependency-name: "org.openapitools:openapi-generator-maven-plugin" update-types: ["version-update:semver-major"] + groups: + maven-plugin: + patterns: + - "org.apache.maven.plugins:*" + - "org.codehaus.mojo:*" diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml new file mode 100644 index 00000000..eee60d0d --- /dev/null +++ b/.github/workflows/dependabot.yaml @@ -0,0 +1,34 @@ +name: Dependabot Automation +on: pull_request + +permissions: + contents: write + pull-requests: write + issues: write + repository-projects: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Dependabot Metadata + id: metadata + uses: dependabot/fetch-metadata@v2 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: Label Major Updates + if: ${{steps.metadata.outputs.update-type == 'version-update:semver-major'}} + run: | + gh label create "major-update" --color "B60205" --description "Major Dependency Update" --repo "$REPO" || true + gh pr edit "$PR_URL" --add-label "major-update" + env: + REPO: ${{github.repository}} + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + - name: Enable Auto-Merge for Patch Updates + if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch'}} + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}