
composer(deps-dev): bump rector/rector from 1.1.0 to 1.2.8 #1098


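# Reviews Dependabot pull requests: enables auto-merge, approves patch/minor
# updates and major updates of development dependencies, and comments on and
# labels major updates of production dependencies instead of approving them.
name: "Dependabot reviewer"
on: # yamllint disable-line rule:truthy
  # pull_request_target runs in the context of the base repository, so the
  # job's GITHUB_TOKEN gets the write permissions declared below. Nothing in
  # this job should build, install or execute files taken from the PR head.
  pull_request_target: null
# Scoped to what the gh commands below need (review/comment/label and merge).
permissions:
  pull-requests: "write"
  contents: "write"
jobs:
  review-dependabot-pr:
    runs-on: "ubuntu-latest"
    # Gate on the PR author recorded in the event payload.
    # NOTE(review): this identifies who opened the PR, not who authored each
    # commit on the branch; confirm how later pushes to a Dependabot branch
    # are meant to be handled.
    if: "${{ github.event.pull_request.user.login == 'dependabot[bot]' }}"
    steps:
      # NOTE(review): both actions are pinned by tag. In a job holding a
      # write-scoped token, pinning to a full commit SHA
      # (`uses: owner/action@<full-commit-sha>  # vX.Y.Z`) keeps a moved tag
      # from changing what runs here.
      #
      # No `ref` is set, so under pull_request_target this checks out the base
      # branch rather than the PR head; keep it that way.
      # NOTE(review): no step visible in this file reads the working tree, so
      # the checkout may be unnecessary - confirm before removing.
      - uses: "actions/checkout@v4"
        with:
          fetch-depth: "0"
          # Do not leave the token in the checked-out repository's git config.
          persist-credentials: "false"
      - name: "Dependabot metadata"
        id: "dependabot-metadata"
        uses: "dependabot/fetch-metadata@v2.2.0"
      # Runs for every Dependabot PR, including the major production updates
      # that the last step declines to approve. Those stay unmerged only if
      # the target branch requires an approving review.
      # NOTE(review): confirm that branch protection rule exists; without it
      # `gh pr merge --auto` can merge as soon as required checks pass.
      - name: "Enable auto-merge for Dependabot PRs"
        # Event data is passed through env and expanded quoted, so it is never
        # spliced into the script text or word-split by the shell.
        run: "gh pr merge --auto --merge \"$PR_URL\""
        env:
          PR_URL: "${{github.event.pull_request.html_url}}"
          GITHUB_TOKEN: "${{secrets.GITHUB_TOKEN}}"
      - name: "Approve patch and minor updates"
        if: "${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}}"
        run: "gh pr review \"$PR_URL\" --approve -b \"I'm **approving** this pull request because **it includes a patch or minor update**\""
        env:
          PR_URL: "${{github.event.pull_request.html_url}}"
          GITHUB_TOKEN: "${{secrets.GITHUB_TOKEN}}"
      - name: "Approve major updates of development dependencies"
        if: "${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:development'}}"
        run: "gh pr review \"$PR_URL\" --approve -b \"I'm **approving** this pull request because **it includes a major update of a dependency used only in development**\""
        env:
          PR_URL: "${{github.event.pull_request.html_url}}"
          GITHUB_TOKEN: "${{secrets.GITHUB_TOKEN}}"
      # The only branch that withholds approval: a human has to review it.
      - name: "Comment on major updates of non-development dependencies"
        if: "${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:production'}}"
        run: |
          gh pr comment "$PR_URL" --body "I'm **not approving** this PR because **it includes a major update of a dependency used in production**"
          gh pr edit "$PR_URL" --add-label "requires-manual-qa"
        env:
          PR_URL: "${{github.event.pull_request.html_url}}"
          GITHUB_TOKEN: "${{secrets.GITHUB_TOKEN}}"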