Specify default opt/debug options for different CMAKE_BUILD_TYPEs
#1719
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependabot auto-merge | |
| "on": | |
| # Use pull_request_target instead of pull_request to get elevated permissions | |
| # This is safe for Dependabot PRs because: | |
| # 1. We verify the PR author is dependabot[bot] | |
| # 2. We don't check out or run code from the PR | |
| # 3. We only enable auto-merge, which requires branch protection to pass | |
| pull_request_target: | |
| types: [opened, reopened, synchronize] | |
| pull_request_review: | |
| types: [submitted] | |
| check_suite: | |
| types: [completed] | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| dependabot: | |
| runs-on: ubuntu-latest | |
| if: >- | |
| (github.event_name == 'pull_request_target' && github.event.pull_request.user.login == 'dependabot[bot]' && | |
| github.event.pull_request.base.ref == 'main') || (github.event_name == 'pull_request_review' && | |
| github.event.pull_request.user.login == 'dependabot[bot]' && github.event.pull_request.base.ref == 'main') || | |
| (github.event_name == 'check_suite' && github.event.check_suite.pull_requests[0] != null && | |
| startsWith(github.event.check_suite.head_branch, 'dependabot/')) | |
| steps: | |
| - name: Get PR details | |
| id: pr | |
| # jq's // empty alternative operator returns an empty string instead of | |
| # the literal "null" when a key is absent or null in the event payload. | |
| # This ensures the downstream empty/null/numeric checks work correctly. | |
| run: | | |
| if [ "${GITHUB_EVENT_NAME}" = "check_suite" ]; then | |
| PR_NUMBER="$(jq -r '.check_suite.pull_requests[0].number // empty' "${GITHUB_EVENT_PATH}")" | |
| if [ -z "$PR_NUMBER" ] || [ "$PR_NUMBER" = "null" ] || ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then | |
| echo "No valid PR number found in check_suite event (got: $PR_NUMBER)" | |
| exit 1 | |
| fi | |
| PR_JSON=$(gh pr view "$PR_NUMBER" --repo "$GITHUB_REPOSITORY" --json author,baseRefName) | |
| AUTHOR=$(echo "$PR_JSON" | jq -r '.author.login') | |
| BASE_REF=$(echo "$PR_JSON" | jq -r '.baseRefName') | |
| { | |
| echo "author=$AUTHOR" | |
| echo "base_ref=$BASE_REF" | |
| echo "number=$PR_NUMBER" | |
| } >> "$GITHUB_OUTPUT" | |
| else | |
| # For pull_request_target and pull_request_review, use event data | |
| { | |
| echo "author=$(jq -r '.pull_request.user.login // empty' "${GITHUB_EVENT_PATH}")" | |
| echo "base_ref=$(jq -r '.pull_request.base.ref // empty' "${GITHUB_EVENT_PATH}")" | |
| echo "number=$(jq -r '.pull_request.number // empty' "${GITHUB_EVENT_PATH}")" | |
| } >> "$GITHUB_OUTPUT" | |
| fi | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Enable auto-merge for Dependabot PRs | |
| if: steps.pr.outputs.author == 'dependabot[bot]' && steps.pr.outputs.base_ref == 'main' | |
| shell: bash | |
| env: | |
| PR_NUMBER: ${{ steps.pr.outputs.number }} | |
| GH_TOKEN: ${{ secrets.WORKFLOW_PAT }} | |
| # yamllint disable rule:line-length | |
| run: | | |
| set -o pipefail | |
| if ! gh pr merge --auto --rebase "${PR_NUMBER}" --repo "$GITHUB_REPOSITORY" 2>&1 | tee /tmp/gh-output.txt; then | |
| if grep -qE "auto-merge is already enabled|[Rr]equired.*status.*check|[Rr]equired approving review|[Rr]equired.*review" /tmp/gh-output.txt; then | |
| echo "Auto-merge not enabled yet - this is expected when requirements are not met or already enabled" | |
| exit 0 | |
| else | |
| echo "Unexpected error enabling auto-merge:" | |
| cat /tmp/gh-output.txt | |
| exit 1 | |
| fi | |
| fi | |
| # yamllint enable |