Skip to content

[TASK] Bump dependabot/fetch-metadata from 1.6.0 to 2.0.0 #25

[TASK] Bump dependabot/fetch-metadata from 1.6.0 to 2.0.0

[TASK] Bump dependabot/fetch-metadata from 1.6.0 to 2.0.0 #25

# Based on https://github.com/spatie/package-skeleton-laravel/blob/main/.github/workflows/dependabot-auto-merge.yml
name: dependabot-auto-merge
on:
pull_request_target:
types: [opened, reopened]
permissions:
pull-requests: write
contents: write
jobs:
dependabot:
runs-on: ubuntu-latest
timeout-minutes: 5
if: ${{ github.actor == 'dependabot[bot]' }}
steps:
- name: "Dependabot metadata"
id: dependabot-metadata
uses: dependabot/[email protected]
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: "Output updated dependencies (JSON)"
run: echo steps.dependabot-metadata.outputs.updated-dependencies-json
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: "Auto-merge Dependabot PRs for semver-minor updates"
if: ${{steps.metadata.outputs.update-type == 'version-update:semver-minor'}}
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- name: "Auto-merge Dependabot PRs for semver-patch updates"
if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"