145 Automate dependabot PRs (#137)

* dependabot merge script added * automerge workflow updated * update fetch-metadata version --------- Co-authored-by: Johannes Schneider <johannes-schneider_1995@web.de>
SAP · Jun 13, 2023 · 8ac2299 · 8ac2299
1 parent e64e1a8
commit 8ac2299
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 3 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -14,4 +14,3 @@ updates:
       - dependency-name: "net.revelc.code.formatter:formatter-maven-plugin" # newer versions require Java > 8
       - dependency-name: "net.revelc.code:impsort-maven-plugin" # newer versions require Java > 8
       - dependency-name: "org.mockito:mockito-core" # newer versions require Java > 8
-      - dependency-name: "net.revelc.code:impsort-maven-plugin" # newer versions require Java > 8
diff --git a/.github/workflows/code-ql-scan.yml b/.github/workflows/code-ql-scan.yml
@@ -2,9 +2,9 @@ name: "CodeQL Scan"
 
 on:
   push:
-    branches: [main]
+    branches: [ main ]
   pull_request:
-    branches: [main]
+    branches: [ main ]
 
 jobs:
   CodeQL-Build:

diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml
@@ -0,0 +1,37 @@
+name: dependabot merger
+
+on:
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  review-pr:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' &&
+      github.event_name == 'pull_request' }}
+    permissions:
+      pull-requests: write
+      contents: write
+    steps:
+      - name: dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1.5.1
+        with:
+          github-token: '${{ secrets.GITHUB_TOKEN }}'
+      - name: comment major updates
+        if : ${{steps.metadata.outputs.update-type == 'version-update:semver-major' }}
+        run: |
+          gh pr comment $PR_URL --body "PR **not approved** because it includes a major update of a dependency"
+          gh pr edit $PR_URL --add-label "please review"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: approve and merge
+        if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
+          steps.metadata.outputs.update-type == 'version-update:semver-minor'}}
+        run: |
+          gh pr review --approve "$PR_URL"
+          gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}