[release-2.13] CHANGELOG: Associate github.com/rs/cors update with right release #15470
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Auto-merge as documented in official Github docs | |
# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions | |
name: Auto-review Dependabot PRs | |
on: pull_request_target | |
permissions: | |
pull-requests: write | |
contents: write | |
jobs: | |
dependabot-reviewer: | |
runs-on: ubuntu-latest | |
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v4 | |
- name: Dependabot metadata | |
id: metadata | |
uses: dependabot/fetch-metadata@v1.7.0 | |
with: | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
- name: Check allowlist | |
id: check-allowlist | |
if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' | |
run: | | |
cfg_path=".github/workflows/allowlist.json" | |
IFS=', ' read -r -a libsUpdated <<< "${{ steps.metadata.outputs.dependency-names }}" | |
# Loop through the array to make sure all updated libraries are in the allowlist | |
all_in_allowlist="true" | |
reason_array=() | |
# If any element is not in the allowlist, set the flag to false | |
for lib in "${libsUpdated[@]}"; do | |
exists=$(jq --arg lib "$lib" 'any(.[]; .name == $lib)' $cfg_path) | |
if [[ "$exists" != "true" ]]; then | |
all_in_allowlist="false" | |
break | |
else | |
reason_array+=("$(jq -r --arg lib "$lib" '.[] | select(.name == $lib) | .reason' $cfg_path)") | |
fi | |
done | |
if [[ "$all_in_allowlist" == "true" ]]; then | |
reasons=$(IFS=','; echo "${reason_array[*]}") | |
echo "reasons=$reasons" >> $GITHUB_OUTPUT | |
echo "allInAllowlist=true" >> $GITHUB_OUTPUT | |
else | |
echo "allInAllowlist=false" >> $GITHUB_OUTPUT | |
fi | |
- name: Approve and auto-merge | |
if: steps.check-allowlist.conclusion == 'success' && steps.check-allowlist.outputs.allInAllowlist == 'true' | |
run: | | |
gh pr merge --auto --squash "$PR_URL" | |
gh pr review $PR_URL \ | |
--approve -b "**I'm approving** this pull request because it includes a patch or minor \ | |
update to dependencies that are already in the allowlist. | |
The reason this library is in the allowlist is that ${{ steps.check-allowlist.outputs.reasons}}" | |
env: | |
PR_URL: ${{github.event.pull_request.html_url}} | |
GITHUB_TOKEN: ${{secrets.GH_BOT_ACCESS_TOKEN}} | |
- name: Manual review is required | |
if: steps.check-allowlist.conclusion != 'success' || steps.check-allowlist.outputs.allInAllowlist == 'false' | |
run: | | |
gh pr comment $PR_URL --body "**This library is not auto-approved** | |
Unfortunately, this library is a major version update or it is not included in our allowlist, which means it cannot be auto-approved. \ | |
If you believe it should be considered for auto-approval, please open a pull request to add \ | |
it to the allowlist configuration. | |
To add this library to the allowlist, please modify the [allowlist.json](https://github.com/grafana/mimir/tree/main/.github/workflows/allowlist.json) file and \ | |
include the necessary details for review." | |
env: | |
PR_URL: ${{github.event.pull_request.html_url}} | |
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} |