Dependabot: Merge updates #2036

	name: "Dependabot: Merge updates"
	on:
	# https://securitylab.github.com/research/github-actions-preventing-pwn-requests
	# could and should work, at least for public repos;
	# tracking issue for this action's issue:
	# https://github.com/ahmadnassri/action-dependabot-auto-merge/issues/60
	pull_request:
	types:
	- labeled
	- unlabeled
	- synchronize
	- opened
	- edited
	- ready_for_review
	- reopened
	- unlocked
	pull_request_review:
	types:
	- submitted
	check_suite:
	types:
	- completed
	status: { }

	permissions:
	contents: read

	jobs:
	auto-merge-dependabot-github-actions:
	if: \|-
	vars.DEPENDABOT_AUTOMERGE == 'true' &&
	startsWith(github.head_ref, 'dependabot/github_actions/')
	runs-on: ubuntu-latest

	permissions:
	contents: write
	pull-requests: write

	# Specifically check that dependabot (or another trusted party) created this pull-request, and that it has been labelled correctly.

	steps:
	- name: "Initialise Workspace"
	if: startsWith(runner.name, 'buildagent-')
	shell: bash
	run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"

	- name: "Check Owner"
	uses: actions/[email protected]
	with:
	script: \|
	core.info('Owner: ${{github.repository_owner}}');

	- name: "Auto-Merge"
	if: github.repository_owner == 'funfair-tech'
	uses: pascalgn/[email protected]
	env:
	GITHUB_TOKEN: ${{secrets.SOURCE_PUSH_TOKEN}}
	MERGE_METHOD: merge
	MERGE_COMMIT_MESSAGE: pull-request-title-and-description
	MERGE_REQUIRED_APPROVALS: 1
	MERGE_DELETE_BRANCH: true
	MERGE_FORKS: false
	MERGE_LABELS: github-actions
	UPDATE_RETRIES: 10

Provide feedback