-
Notifications
You must be signed in to change notification settings - Fork 2
168 lines (163 loc) · 8.61 KB
/
dependabot_approve_and_label.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
name: approve_and_label
on:
pull_request:
types: [opened, reopened]
permissions:
contents: write
issues: write
pull-requests: write
jobs:
evaluate_dependabot_pr:
runs-on: ubuntu-latest
name: Parse Dependabot PR title
# Don't process PRs from forked repos
if:
github.event.pull_request.head.repo.full_name == github.repository
outputs:
dependency_name: ${{ steps.parse_dependabot_pr_automerge.outputs.dependency_name }}
version_from: ${{ steps.parse_dependabot_pr_automerge.outputs.version_from }}
version_to: ${{ steps.parse_dependabot_pr_automerge.outputs.version_to }}
is_auto_merge_candidate: ${{ steps.parse_dependabot_pr_automerge.outputs.is_interesting_package }}
is_auto_release_candidate: ${{ steps.parse_dependabot_pr_autorelease.outputs.is_interesting_package }}
semver_increment: ${{ steps.parse_dependabot_pr_automerge.outputs.semver_increment }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
- name: Read pr-autoflow configuration
id: get_pr_autoflow_config
uses: endjin/pr-autoflow/actions/read-configuration@v4
with:
config_file: .github/config/pr-autoflow.json
- name: Dependabot PR - AutoMerge Candidate
id: parse_dependabot_pr_automerge
uses: endjin/pr-autoflow/actions/dependabot-pr-parser@v4
with:
pr_title: ${{ github.event.pull_request.title }}
package_wildcard_expressions: ${{ steps.get_pr_autoflow_config.outputs.AUTO_MERGE_PACKAGE_WILDCARD_EXPRESSIONS }}
- name: Dependabot PR - AutoRelease Candidate
id: parse_dependabot_pr_autorelease
uses: endjin/pr-autoflow/actions/dependabot-pr-parser@v4
with:
pr_title: ${{ github.event.pull_request.title }}
package_wildcard_expressions: ${{ steps.get_pr_autoflow_config.outputs.AUTO_RELEASE_PACKAGE_WILDCARD_EXPRESSIONS }}
- name: debug
run: |
echo "dependency_name : ${{ steps.parse_dependabot_pr_automerge.outputs.dependency_name }}"
echo "is_interesting_package (merge) : ${{ steps.parse_dependabot_pr_automerge.outputs.is_interesting_package }}"
echo "is_interesting_package (release) : ${{ steps.parse_dependabot_pr_autorelease.outputs.is_interesting_package }}"
echo "semver_increment : ${{ steps.parse_dependabot_pr_automerge.outputs.semver_increment }}"
approve:
runs-on: ubuntu-latest
needs: evaluate_dependabot_pr
name: Approve auto-mergeable dependabot PRs
if: |
(github.actor == 'dependabot[bot]' || github.actor == 'dependjinbot[bot]' || github.actor == 'nektos/act') &&
needs.evaluate_dependabot_pr.outputs.is_auto_merge_candidate == 'True'
steps:
- name: Show PR Details
run: |
echo "<------------------------------------------------>"
echo "dependency_name : ${{needs.evaluate_dependabot_pr.outputs.dependency_name}}"
echo "semver_increment : ${{needs.evaluate_dependabot_pr.outputs.semver_increment}}"
echo "auto_merge : ${{needs.evaluate_dependabot_pr.outputs.is_auto_merge_candidate}}"
echo "auto_release : ${{needs.evaluate_dependabot_pr.outputs.is_auto_release_candidate}}"
echo "from_version : ${{needs.evaluate_dependabot_pr.outputs.version_from}}"
echo "to_version : ${{needs.evaluate_dependabot_pr.outputs.version_to}}"
echo "<------------------------------------------------>"
shell: bash
- name: Approve pull request
if: |
needs.evaluate_dependabot_pr.outputs.is_auto_merge_candidate == 'True' &&
(needs.evaluate_dependabot_pr.outputs.semver_increment == 'minor' || needs.evaluate_dependabot_pr.outputs.semver_increment == 'patch')
run: |
gh pr review "${{ github.event.pull_request.html_url }}" --approve -b "Thank you dependabot 🎊"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: 'Update PR body'
if: |
needs.evaluate_dependabot_pr.outputs.is_auto_merge_candidate == 'True' &&
(needs.evaluate_dependabot_pr.outputs.semver_increment == 'minor' || needs.evaluate_dependabot_pr.outputs.semver_increment == 'patch')
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
github-token: '${{ secrets.GITHUB_TOKEN }}'
retries: 6 # final retry should wait 64 seconds
retry-exempt-status-codes: 400,401,404,422 # GH will raise rate limits with 403 & 429 status codes
script: |
await github.rest.pulls.update({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
pull_number: context.payload.pull_request.number,
body: "Bumps '${{needs.evaluate_dependabot_pr.outputs.dependency_name}}' from ${{needs.evaluate_dependabot_pr.outputs.version_from}} to ${{needs.evaluate_dependabot_pr.outputs.version_to}}"
})
check_for_norelease_label:
runs-on: ubuntu-latest
outputs:
no_release: ${{ steps.check_for_norelease_label.outputs.result }}
steps:
- name: Check for 'no_release' label on PR
id: check_for_norelease_label
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
retries: 6 # final retry should wait 64 seconds
retry-exempt-status-codes: 400,401,404,422 # GH will raise rate limits with 403 & 429 status codes
script: |
const labels = await github.rest.issues.listLabelsOnIssue({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
issue_number: context.payload.number
});
core.info("labels: " + JSON.stringify(labels.data))
if ( labels.data.map(l => l.name).includes("no_release") ) {
core.info("Label found")
return true
}
return false
- name: Display 'no_release' status
run: |
echo "no_release: ${{ steps.check_for_norelease_label.outputs.result }}"
label_auto_merge:
runs-on: ubuntu-latest
needs:
- evaluate_dependabot_pr
- check_for_norelease_label
name: 'Automerge & Label'
steps:
# Get a token for a different identity so any auto-merge that happens in the next step is
# able to trigger other workflows (i.e. our 'auto_release' workflow)
# NOTE: This requires the app details to be defined as 'Dependabot' secrets, rather than
# the usual 'Action' secrets as this workflow is triggered by Dependabot.
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@32691ba7c9e7063bd457bd8f2a5703138591fa58 # v1.9
with:
app_id: ${{ secrets.DEPENDJINBOT_APP_ID }}
private_key: ${{ secrets.DEPENDJINBOT_PRIVATE_KEY }}
# Run the auto-merge in the GitHub App context, so the event can trigger other workflows
- name: 'Set dependabot PR to auto-merge'
if: |
(github.actor == 'dependabot[bot]' || github.actor == 'dependjinbot[bot]' || github.actor == 'nektos/act') &&
needs.evaluate_dependabot_pr.outputs.is_auto_merge_candidate == 'True' &&
(needs.evaluate_dependabot_pr.outputs.semver_increment == 'minor' || needs.evaluate_dependabot_pr.outputs.semver_increment == 'patch')
run: |
gh pr merge ${{ github.event.pull_request.number }} -R ${{ github.repository }} --auto --squash
env:
GITHUB_TOKEN: '${{ steps.generate_token.outputs.token }}'
- name: 'Label non-dependabot PRs and auto-releasable dependabot PRs with "pending_release"'
if: |
needs.check_for_norelease_label.outputs.no_release == 'false' &&
(
(github.actor != 'dependabot[bot]' && github.actor != 'dependjinbot[bot]') ||
needs.evaluate_dependabot_pr.outputs.is_auto_release_candidate == 'True'
)
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
github-token: '${{ secrets.GITHUB_TOKEN }}'
retries: 6 # final retry should wait 64 seconds
retry-exempt-status-codes: 400,401,404,422 # GH will raise rate limits with 403 & 429 status codes
script: |
await github.rest.issues.addLabels({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
issue_number: context.payload.pull_request.number,
labels: ['pending_release']
})