feat: add option to skip-verification #411

Merged
merged 6 commits into from
Apr 25, 2023
23 changes: 12 additions & 11 deletions README.md
Expand Up @@ -20,17 +20,18 @@ Error: Resource not accessible by integration

## Inputs

| input | required | default | description |
@yeikel yeikel Apr 24, 2023


This diff looks a bit large because the table had to be centered to keep the alignment.

To aid in review, you can disable whitespace in the diff, or you can render it here: https://github.com/yeikel/github-action-merge-dependabot/blob/feat/skip-verification/README.md

The only change besides alignment is to add the newly introduced skip-verification field.

|----------------------------|----------|--------------------------|-----------------------------------------------------------------|
| `github-token` | No | `${{github.token}}` | A GitHub token. |
| `exclude` | No | | A comma or semicolon separated value of packages that you don't want to auto-merge and would like to manually review to decide whether to upgrade or not. |
| `approve-only` | No | `false` | If `true`, the PR is only approved but not merged. |
| `merge-method` | No | `squash` | The merge method you would like to use (squash, merge, rebase). |
| `merge-comment` | No | `''` | An arbitrary message that you'd like to comment on the PR after it gets auto-merged. This is only useful when you're receiving too much of noise in email and would like to filter mails for PRs that got automatically merged. |
| `use-github-auto-merge` | No | `false` | If `true`, the PR is marked as auto-merge and will be merged by GitHub when status checks are satisfied.<br /><br />_NOTE_: This feature only works when all of the following conditions are met.<br />- The repository enables auto-merge. <br />- The pull request base must have a branch protection rule. <br />- The pull request's status checks are not yet satisfied.<br /></br>Refer to [the official document](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request) about GitHub auto-merge. |
| `target` | No | `any` | A flag to only auto-merge updates based on Semantic Versioning.<br />Possible options are: `major, premajor, minor, preminor, patch, prepatch, prerelease, any`.<br /><br />For more details on how semantic version difference is calculated please see [semver](https://www.npmjs.com/package/semver) package.<br /><br />If you set a value other than `any`, PRs that are not semantic version compliant are skipped. An example of a non-semantic version is a commit hash when using git submodules.|
| `pr-number` | No | | A pull request number, only required if triggered from a workflow_dispatch event. Typically this would be triggered by a script running in a separate CI provider. See [Trigger action from workflow_dispatch event](#trigger-action-from-workflow_dispatch-event) example. |
| `skip-commit-verification` | No | `false` | If `true`, then the action will not expect the commits to have a verification signature. It is required to set this to `true` in GitHub Enterprise Server. |
| input | required | default | description |
|----------------------------|----------|---------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `github-token` | No | `${{github.token}}` | A GitHub token. |
| `exclude` | No | | A comma or semicolon separated value of packages that you don't want to auto-merge and would like to manually review to decide whether to upgrade or not. |
| `approve-only` | No | `false` | If `true`, the PR is only approved but not merged. |
| `merge-method` | No | `squash` | The merge method you would like to use (squash, merge, rebase). |
| `merge-comment` | No | `''` | An arbitrary message that you'd like to comment on the PR after it gets auto-merged. This is only useful when you're receiving too much of noise in email and would like to filter mails for PRs that got automatically merged. |
| `use-github-auto-merge` | No | `false` | If `true`, the PR is marked as auto-merge and will be merged by GitHub when status checks are satisfied.<br /><br />_NOTE_: This feature only works when all of the following conditions are met.<br />- The repository enables auto-merge. <br />- The pull request base must have a branch protection rule. <br />- The pull request's status checks are not yet satisfied.<br /></br>Refer to [the official document](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request) about GitHub auto-merge. |
| `target` | No | `any` | A flag to only auto-merge updates based on Semantic Versioning.<br />Possible options are: `major, premajor, minor, preminor, patch, prepatch, prerelease, any`.<br /><br />For more details on how semantic version difference is calculated please see [semver](https://www.npmjs.com/package/semver) package.<br /><br />If you set a value other than `any`, PRs that are not semantic version compliant are skipped. An example of a non-semantic version is a commit hash when using git submodules. |
| `pr-number` | No | | A pull request number, only required if triggered from a workflow_dispatch event. Typically this would be triggered by a script running in a separate CI provider. See [Trigger action from workflow_dispatch event](#trigger-action-from-workflow_dispatch-event) example. |
| `skip-commit-verification` | No | `false` | If `true`, then the action will not expect the commits to have a verification signature. It is required to set this to `true` in GitHub Enterprise Server. |
| `skip-verification` | No | `false` | If true, the action will not validate the user or the commit verification status |

## Examples
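
Review bot: The new `skip-verification` row (last row of the table) understates what the flag does. Going by the checks it gates in src/action.js, setting it means the action no longer requires the PR author or the commit authors to be `dependabot[bot]` and no longer checks commit signatures, so the description should say plainly that the action will then approve or merge pull requests from any author, and that `skip-commit-verification` has no further effect once it is set. Minor: put `true` in backticks and end the sentence with a period to match the other rows.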

9 changes: 7 additions & 2 deletions action.yml
Expand Up @@ -36,19 +36,24 @@ inputs:
description: 'If true, then the action will not expect the commits to have a verification signature. It is required to set this to true in GitHub Enterprise Server'
required: false
default: false
skip-verification:
type: boolean
description: 'If true, the action will not validate the user or the commit verification status'
default: false

runs:
using: 'composite'
steps:
- name: Fetch metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v1
if: ${{ github.event_name == 'pull_request' && github.actor == 'dependabot[bot]' }}
if: github.event_name == 'pull_request' && (github.actor == 'dependabot[bot]' || skip-verification == 'true')
with:
skip-commit-verification: ${{ inputs.skip-commit-verification }}
skip-verification : ${{ inputs.skip-verification }}
- name: Merge/approve PR
uses: actions/github-script@v6
if: ${{ github.event_name == 'pull_request' && github.actor == 'dependabot[bot]' }}
if: github.event_name == 'pull_request' && (github.actor == 'dependabot[bot]' || skip-verification == 'true')
with:
github-token: ${{ inputs.github-token }}
script: |
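
Review bot: In both new `if:` conditions, `skip-verification == 'true'` is a bare name rather than a context lookup, so the expression does not read the input at all. The `with:` line of the first step uses `inputs.skip-verification`, and the conditions should too: `(github.actor == 'dependabot[bot]' || inputs.skip-verification == 'true')`. Also, the new input omits `required: false`, which the `skip-commit-verification` entry above it declares, and `skip-verification : ${{ inputs.skip-verification }}` has a stray space before the colon. Since the actor check in these conditions is what keeps the steps from running for anyone other than Dependabot, the input description should say that enabling it lifts that restriction.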
10 changes: 6 additions & 4 deletions dist/index.js
Expand Up @@ -2803,6 +2803,7 @@ module.exports = async function run({
TARGET,
PR_NUMBER,
SKIP_COMMIT_VERIFICATION,
SKIP_VERIFICATION,
} = getInputs(inputs)

try {
Expand All @@ -2820,16 +2821,16 @@ module.exports = async function run({
const pr = pull_request || (await client.getPullRequest(PR_NUMBER))

const isDependabotPR = pr.user.login === dependabotAuthor
if (!isDependabotPR) {
if (!isDependabotPR && !SKIP_VERIFICATION) {
return logWarning('Not a dependabot PR, skipping.')
}

const commits = await client.getPullRequestCommits(pr.number)
if (!commits.every(commit => commit.author?.login === dependabotAuthor)) {
if (!commits.every(commit => commit.author?.login === dependabotAuthor) && !SKIP_VERIFICATION) {
return logWarning('PR contains non dependabot commits, skipping.')
}

if (!SKIP_COMMIT_VERIFICATION) {
if (!SKIP_COMMIT_VERIFICATION && !SKIP_VERIFICATION) {
try {
verifyCommits(commits)
} catch {
Expand Down Expand Up @@ -3132,6 +3133,7 @@ exports.getInputs = inputs => {
TARGET: mapUpdateType(inputs['target']),
PR_NUMBER: inputs['pr-number'],
SKIP_COMMIT_VERIFICATION: /true/i.test(inputs['skip-commit-verification']),
SKIP_VERIFICATION: /true/i.test(inputs['skip-verification']),
}
}

Expand Down Expand Up @@ -3280,7 +3282,7 @@ module.exports = require("util");
/***/ ((module) => {

"use strict";
module.exports = JSON.parse('{"name":"github-action-merge-dependabot","version":"3.6.4","description":"A GitHub action to automatically merge and approve Dependabot pull requests","main":"src/index.js","scripts":{"build":"ncc build src/index.js","lint":"eslint .","test":"tap test/**.test.js","prepare":"husky install"},"author":{"name":"Salman Mitha","email":"[email protected]"},"contributors":["Simone Busoli <[email protected]>"],"license":"MIT","repository":{"type":"git","url":"git+https://github.com/fastify/github-action-merge-dependabot.git"},"bugs":{"url":"https://github.com/fastify/github-action-merge-dependabot/issues"},"homepage":"https://github.com/fastify/github-action-merge-dependabot#readme","dependencies":{"@actions/core":"^1.9.1","@actions/github":"^5.1.1","actions-toolkit":"github:nearform/actions-toolkit","gitdiff-parser":"^0.3.1","semver":"^7.4.0"},"devDependencies":{"@vercel/ncc":"^0.36.1","eslint":"^8.38.0","eslint-config-prettier":"^8.8.0","eslint-plugin-prettier":"^4.2.1","husky":"^8.0.3","prettier":"^2.8.7","proxyquire":"^2.1.3","sinon":"^15.0.3","tap":"^16.3.4"}}');
module.exports = JSON.parse('{"name":"github-action-merge-dependabot","version":"3.6.4","description":"A GitHub action to automatically merge and approve Dependabot pull requests","main":"src/index.js","scripts":{"build":"ncc build src/index.js","lint":"eslint .","test":"tap test/**.test.js","prepare":"husky install"},"author":{"name":"Salman Mitha","email":"[email protected]"},"contributors":["Simone Busoli <[email protected]>"],"license":"MIT","repository":{"type":"git","url":"git+https://github.com/fastify/github-action-merge-dependabot.git"},"bugs":{"url":"https://github.com/fastify/github-action-merge-dependabot/issues"},"homepage":"https://github.com/fastify/github-action-merge-dependabot#readme","dependencies":{"@actions/core":"^1.9.1","@actions/github":"^5.1.1","actions-toolkit":"github:nearform/actions-toolkit","gitdiff-parser":"^0.3.1","semver":"^7.5.0"},"devDependencies":{"@vercel/ncc":"^0.36.1","eslint":"^8.39.0","eslint-config-prettier":"^8.8.0","eslint-plugin-prettier":"^4.2.1","husky":"^8.0.3","prettier":"^2.8.8","proxyquire":"^2.1.3","sinon":"^15.0.4","tap":"^16.3.4"}}');

/***/ })
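
Review bot: The embedded package.json string in this hunk changes `semver` from `^7.4.0` to `^7.5.0` and also moves `eslint`, `prettier` and `sinon`, none of which relates to the new input. If these come from rebuilding the bundle on top of newer dependency bumps, rebase so the dist diff carries only the `SKIP_VERIFICATION` changes, or call the version changes out in the PR description so the generated file can be checked against src.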

2 changes: 1 addition & 1 deletion package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 4 additions & 3 deletions src/action.js
Expand Up @@ -32,6 +32,7 @@ module.exports = async function run({
TARGET,
PR_NUMBER,
SKIP_COMMIT_VERIFICATION,
SKIP_VERIFICATION,
} = getInputs(inputs)

try {
Expand All @@ -49,16 +50,16 @@ module.exports = async function run({
const pr = pull_request || (await client.getPullRequest(PR_NUMBER))

const isDependabotPR = pr.user.login === dependabotAuthor
if (!isDependabotPR) {
if (!isDependabotPR && !SKIP_VERIFICATION) {
return logWarning('Not a dependabot PR, skipping.')
}

const commits = await client.getPullRequestCommits(pr.number)
if (!commits.every(commit => commit.author?.login === dependabotAuthor)) {
if (!commits.every(commit => commit.author?.login === dependabotAuthor) && !SKIP_VERIFICATION) {
return logWarning('PR contains non dependabot commits, skipping.')
}

if (!SKIP_COMMIT_VERIFICATION) {
if (!SKIP_COMMIT_VERIFICATION && !SKIP_VERIFICATION) {
try {
verifyCommits(commits)
} catch {
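
Review bot: With `SKIP_VERIFICATION` set, all three guards in this hunk (PR author, commit authors, `verifyCommits`) are bypassed silently, so the run log gives no sign that an unverified PR was let through. Log a warning once when the flag is on, for example just before the `isDependabotPR` check, so the bypass is visible in the workflow output. It would also read more clearly to test the flag first, as in `if (!SKIP_VERIFICATION && !commits.every(...))`, which avoids walking the commit list when the result is going to be ignored.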
1 change: 1 addition & 0 deletions src/util.js
Expand Up @@ -47,5 +47,6 @@ exports.getInputs = inputs => {
TARGET: mapUpdateType(inputs['target']),
PR_NUMBER: inputs['pr-number'],
SKIP_COMMIT_VERIFICATION: /true/i.test(inputs['skip-commit-verification']),
SKIP_VERIFICATION: /true/i.test(inputs['skip-verification']),
}
}
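
Review bot: `/true/i.test(inputs['skip-verification'])` is unanchored, so any value that merely contains "true" (such as `untrue`) turns verification off. For a flag that disables the author and signature checks, match the whole value, for example `/^true$/i`, even though the `skip-commit-verification` line above uses the same loose pattern.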