-
Notifications
You must be signed in to change notification settings - Fork 4
39 lines (35 loc) · 1.51 KB
/
dependabot-automerge.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# The name of the workflow
name: Automerge Dependabot PRs
# The event that triggers the workflow
on:
workflow_call:
jobs:
dependabot:
# The name of the job
name: Merge dependabot
# The type of runner that the job will run on
runs-on: ubuntu-latest
# The permissions for the GITHUB_TOKEN
permissions:
contents: write
pull-requests: write
# Conditional statement to run the job only when the event was triggered by 'dependabot[bot]'
if: ${{ github.actor == 'dependabot[bot]' }}
steps:
- name: Dependabot metadata
id: dependabot-metadata
# Use 'dependabot/fetch-metadata' to fetch the metadata about the update
uses: dependabot/[email protected]
- name: Approve patch and minor updates
# Conditional statement to run the steps only when the update type is a patch or minor
if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}}
run: |
# Command to merge the PR
gh pr merge --auto --merge "$PR_URL"
# Command to approve the PR with a custom message
gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**"
env:
# The URL of the PR to be merged and approved
PR_URL: ${{github.event.pull_request.html_url}}
# The GitHub token secret
GITHUB_TOKEN: ${{secrets.BOT_TOKEN}}