dependabot-review.yaml
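# Reviews Dependabot pull requests automatically:
#   * enables auto-merge on every Dependabot PR,
#   * approves patch/minor updates and major updates of development-only
#     dependencies,
#   * comments on and labels major updates of production dependencies instead
#     of approving them.
name: "Dependabot reviewer"
# pull_request_target runs in the context of the base repository, so the
# GITHUB_TOKEN below carries the write permissions declared in this file even
# for Dependabot-authored PRs. Never run code taken from the PR head here.
on: # yamllint disable-line rule:truthy
  pull_request_target: null
# Write scopes are what the `gh pr merge` / `gh pr review` / `gh pr edit`
# calls below use; nothing else is granted.
permissions:
  pull-requests: "write"
  contents: "write"
jobs:
  review-dependabot-pr:
    runs-on: "ubuntu-latest"
    # Gate on the PR author. This condition alone does not exclude commits that
    # someone else later pushes onto the Dependabot branch.
    # NOTE(review): confirm branch protection / fetch-metadata covers that case.
    if: "${{ github.event.pull_request.user.login == 'dependabot[bot]' }}"
    steps:
      # No `ref` is given, so under pull_request_target this checks out the
      # base branch, not the PR head. Keep it that way: checking out the head
      # would put PR-controlled files into a job with a write-scoped token.
      # persist-credentials is off so the token is not left in .git/config.
      # NOTE(review): actions are referenced by mutable tag; consider pinning
      # both `uses:` entries to a full commit SHA for this privileged job.
      - uses: "actions/checkout@v4"
        with:
          fetch-depth: "0"
          persist-credentials: "false"
      - name: "Dependabot metadata"
        id: "dependabot-metadata"
        uses: "dependabot/fetch-metadata@v1.6.0"
      # Auto-merge is enabled for every Dependabot PR, including the major
      # production updates that are deliberately left unapproved further down.
      # What holds those back is the branch protection on the target branch.
      # NOTE(review): confirm an approving review and status checks are
      # required there; otherwise a PR may merge without review.
      - name: "Enable auto-merge for Dependabot PRs"
        # The URL is passed through env and quoted in the shell so it is never
        # interpolated into the script text or word-split.
        run: 'gh pr merge --auto --merge "$PR_URL"'
        env:
          PR_URL: "${{github.event.pull_request.html_url}}"
          GITHUB_TOKEN: "${{secrets.GITHUB_TOKEN}}"
      - name: "Approve patch and minor updates"
        if: "${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}}"
        run: |-
          gh pr review "$PR_URL" --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**"
        env:
          PR_URL: "${{github.event.pull_request.html_url}}"
          GITHUB_TOKEN: "${{secrets.GITHUB_TOKEN}}"
      - name: "Approve major updates of development dependencies"
        if: "${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:development'}}"
        run: |-
          gh pr review "$PR_URL" --approve -b "I'm **approving** this pull request because **it includes a major update of a dependency used only in development**"
        env:
          PR_URL: "${{github.event.pull_request.html_url}}"
          GITHUB_TOKEN: "${{secrets.GITHUB_TOKEN}}"
      # Major production updates get a comment and a label, never an approval.
      # Only 'direct:production' is matched; other dependency-type values with
      # a major update fall through all three review steps untouched.
      - name: "Comment on major updates of non-development dependencies"
        if: "${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:production'}}"
        run: |
          gh pr comment "$PR_URL" --body "I'm **not approving** this PR because **it includes a major update of a dependency used in production**"
          gh pr edit "$PR_URL" --add-label "requires-manual-qa"
        env:
          PR_URL: "${{github.event.pull_request.html_url}}"
          GITHUB_TOKEN: "${{secrets.GITHUB_TOKEN}}"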