Skip to content

build(deps): bump github/codeql-action from 2 to 3 #91

build(deps): bump github/codeql-action from 2 to 3

build(deps): bump github/codeql-action from 2 to 3 #91

Workflow file for this run

# We "trust" dependabot updates once they pass tests.
# (this still requires all other checks to pass!)
# This doesn't work on forked repos per the discussion in
# https://github.com/pascalgn/automerge-action/issues/46 so don't attempt to
# add people other than dependabot to the if field below.
name: dependabot-auto-merge
on:
pull_request_target:
types:
# Dependabot will label the PR
- labeled
# Dependabot has rebased the PR
- synchronize
jobs:
enable-automerge:
if: github.event.pull_request.user.login == 'dependabot[bot]' && contains(github.event.pull_request.labels.*.name, 'dependencies')
runs-on: ubuntu-latest
permissions:
# enable-automerge is a graphql query, not REST, so isn't documented,
# except in a mention in
# https://github.blog/changelog/2021-02-04-pull-request-auto-merge-is-now-generally-available/
# which says "can only be enabled by users with permissino to merge"; the
# REST documentation says you need contents: write to perform a merge.
# https://gh.neting.ccmunity/t/what-permission-does-a-github-action-need-to-call-graphql-enablepullrequestautomerge/197708
# says this is it
contents: write
steps:
# Enable auto-merge *before* issuing an approval.
- uses: alexwilson/enable-github-automerge-action@main
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
wait-on-checks:
needs: enable-automerge
runs-on: ubuntu-latest
permissions:
# wait-on-check requires only checks read
checks: read
steps:
- uses: lewagon/wait-on-check-action@v1.3.1
with:
ref: ${{ github.event.pull_request.head.sha }}
check-regexp: "test.*"
repo-token: ${{ secrets.GITHUB_TOKEN }}
wait-interval: 60
approve:
needs: wait-on-checks
runs-on: ubuntu-latest
permissions:
# https://github.com/hmarr/auto-approve-action/issues/183 says
# auto-approve-action requires write on pull-requests
pull-requests: write
steps:
- uses: hmarr/auto-approve-action@44888193675f29a83e04faf4002fa8c0b537b1e4
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"