-
Notifications
You must be signed in to change notification settings - Fork 32
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* ci(dependencies): automate dependencies updates Signed-off-by: Frederic BIDON <[email protected]> * ci: auto-merge dependabot PRs * enabled auto-merge for go-openapi minor version bumps, not just patches Signed-off-by: Frederic BIDON <[email protected]> --------- Signed-off-by: Frederic BIDON <[email protected]>
- Loading branch information
Showing
3 changed files
with
104 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
version: 2 | ||
updates: | ||
- package-ecosystem: "github-actions" | ||
directory: "/" | ||
schedule: | ||
interval: "weekly" | ||
day: "friday" | ||
open-pull-requests-limit: 2 # <- default is 5 | ||
groups: # <- group all github actions updates in a single PR | ||
# 1. development-dependencies are auto-merged | ||
development-dependencies: | ||
dependency-type: development | ||
patterns: | ||
- '*' | ||
|
||
- package-ecosystem: "gomod" | ||
# We define 4 groups of dependencies to regroup update pull requests: | ||
# - development (e.g. test dependencies) | ||
# - go-openapi updates | ||
# - golang.org (e.g. golang.org/x/... packages) | ||
# - other dependencies (direct or indirect) | ||
# | ||
# * All groups are checked once a week and each produce at most 1 PR. | ||
# * All dependabot PRs are auto-approved | ||
# | ||
# Auto-merging policy, when requirements are met: | ||
# 1. development-dependencies are auto-merged | ||
# 2. golang.org-dependencies are auto-merged | ||
# 3. go-openapi patch updates are auto-merged. Minor/major version updates require a manual merge. | ||
# 4. other dependencies require a manual merge | ||
directory: "/" | ||
schedule: | ||
interval: "weekly" | ||
day: "friday" | ||
open-pull-requests-limit: 4 | ||
groups: | ||
development-dependencies: | ||
dependency-type: development | ||
patterns: | ||
- "github.com/stretchr/testify" | ||
|
||
golang.org-dependencies: | ||
dependency-type: production | ||
patterns: | ||
- "golang.org/*" | ||
|
||
go-openapi-dependencies: | ||
dependency-type: production | ||
patterns: | ||
- "github.com/go-openapi/*" | ||
|
||
other-dependencies: | ||
dependency-type: production | ||
exclude-patterns: | ||
- "github.com/go-openapi/*" | ||
- "github.com/stretchr/testify" | ||
- "golang.org/*" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
name: Dependabot auto-merge | ||
on: pull_request | ||
|
||
permissions: | ||
contents: write | ||
pull-requests: write | ||
|
||
jobs: | ||
dependabot: | ||
runs-on: ubuntu-latest | ||
if: github.actor == 'dependabot[bot]' | ||
steps: | ||
- name: Dependabot metadata | ||
id: metadata | ||
uses: dependabot/fetch-metadata@v1 | ||
|
||
- name: Auto-approve all dependabot PRs | ||
run: gh pr review --approve "$PR_URL" | ||
env: | ||
PR_URL: ${{github.event.pull_request.html_url}} | ||
GH_TOKEN: ${{secrets.GITHUB_TOKEN}} | ||
|
||
- name: Auto-merge dependabot PRs for development dependencies | ||
if: contains(steps.metadata.outputs.dependency-group, 'development-dependencies') | ||
run: gh pr merge --auto --rebase "$PR_URL" | ||
env: | ||
PR_URL: ${{github.event.pull_request.html_url}} | ||
GH_TOKEN: ${{secrets.GITHUB_TOKEN}} | ||
|
||
- name: Auto-merge dependabot PRs for go-openapi patches | ||
if: contains(steps.metadata.outputs.dependency-group, 'go-openapi-dependencies') && (steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch') | ||
run: gh pr merge --auto --rebase "$PR_URL" | ||
env: | ||
PR_URL: ${{github.event.pull_request.html_url}} | ||
GH_TOKEN: ${{secrets.GITHUB_TOKEN}} | ||
|
||
- name: Auto-merge dependabot PRs for golang.org updates | ||
if: contains(steps.metadata.outputs.dependency-group, 'golang.org-dependencies') | ||
run: gh pr merge --auto --rebase "$PR_URL" | ||
env: | ||
PR_URL: ${{github.event.pull_request.html_url}} | ||
GH_TOKEN: ${{secrets.GITHUB_TOKEN}} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters