From 2b4a9f8b31469e0ceb847ad985b1e33c0bef5064 Mon Sep 17 00:00:00 2001 From: James McKinney <26463+jpmckinney@users.noreply.github.com> Date: Tue, 2 Jul 2024 11:08:24 -0400 Subject: [PATCH] ci: Add automerge workflow --- .github/dependabot.yml | 6 ++++++ .github/workflows/automerge.yml | 35 +++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/automerge.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..12301490 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml new file mode 100644 index 00000000..55365732 --- /dev/null +++ b/.github/workflows/automerge.yml @@ -0,0 +1,35 @@ +# The pull_request_target workflow trigger is dangerous. Do not add unrelated logic to this workflow. +# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ +# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target +name: Auto-merge +on: pull_request_target +permissions: + pull-requests: write # to approve the PR + contents: write # to merge the PR +jobs: + dependabot: + if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} + runs-on: ubuntu-latest + steps: + - id: dependabot-metadata + uses: dependabot/fetch-metadata@v2 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + - if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' || steps.dependabot-metadata.outputs.package-ecosystem == 'github_actions' }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: gh pr review --approve ${{ github.event.pull_request.html_url }} + - if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' || steps.dependabot-metadata.outputs.package-ecosystem == 'github_actions' }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: gh pr merge --auto --squash ${{ github.event.pull_request.html_url }} + precommit: + if: ${{ github.event.pull_request.user.login == 'pre-commit-ci[bot]' }} + runs-on: ubuntu-latest + steps: + - env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: gh pr review --approve ${{ github.event.pull_request.html_url }} + - env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: gh pr merge --auto --squash ${{ github.event.pull_request.html_url }}