-
-
Notifications
You must be signed in to change notification settings - Fork 16
45 lines (40 loc) · 1.76 KB
/
dependabot-auto-approve.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
name: "Dependabot auto-approve"
on: pull_request
permissions:
pull-requests: write
jobs:
dependabot:
runs-on: ubuntu-latest
if: ${{ github.actor == 'dependabot[bot]' }}
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/[email protected]
with:
github-token: ${{ secrets.ACCES_TOKEN }}
- name: Steps metadata info
run: |
echo Update type ${{ steps.metadata.outputs.update-type }}
echo Dependency type ${{ steps.metadata.outputs.dependency-type }}
- name: Approve a PR
# What are we automatically merging?
# MINOR and PATCH updates
# Development dependencies
# Indirect dependencies
# ----------------------
# ------ IMPORTANT ------
# Unfortunately dependabot core does not support knowing if an indirect dependency is from production or development
# [https://github.com/dependabot/fetch-metadata/issues/43#issuecomment-878173130]
# I am taking the risk to automatically update indirect dependencies of production dependencies.
# Ts-auto-mock will not be published automatically because of this.
# Before releasing a new version of ts-auto-mock the production dependencies need to be reviewed.
# ----------------------
if: |
(steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch')
&& (steps.metadata.outputs.dependency-type == 'indirect' || steps.metadata.outputs.dependency-type == 'direct:development')
run: |
gh pr review --approve "$PR_URL"
gh pr merge --auto --rebase "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.ACCES_TOKEN}}