Dependabot: Add automatic dependency updating
All checks were successful
Public Preview Builds / publish-preview (push) Successful in 1m16s
All checks were successful
Public Preview Builds / publish-preview (push) Successful in 1m16s
This commit is contained in:
parent
ee4f03ff0b
commit
287fbd629c
GPG key ID:
4D8B07C18F31ACBD
1 changed files with 41 additions and 0 deletions
41
.github/workflows/dependabot.yaml
vendored
Normal file
41
.github/workflows/dependabot.yaml
vendored
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
name: Dependabot
|
||||
|
||||
on: pull_request_target
|
||||
|
||||
permissions:
|
||||
pull-requests: write
|
||||
contents: write
|
||||
|
||||
jobs:
|
||||
review-dependabot-pr:
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
|
||||
steps:
|
||||
- name: Dependabot metadata
|
||||
id: dependabot-metadata
|
||||
uses: dependabot/fetch-metadata@v2.2.0
|
||||
- name: Enable auto-merge for Dependabot PRs
|
||||
run: gh pr merge --auto --rebase "$PR_URL"
|
||||
env:
|
||||
PR_URL: ${{github.event.pull_request.html_url}}
|
||||
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
||||
- name: Approve patch and minor updates
|
||||
if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}}
|
||||
run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**"
|
||||
env:
|
||||
PR_URL: ${{github.event.pull_request.html_url}}
|
||||
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
||||
- name: Approve major updates of development dependencies
|
||||
if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:development'}}
|
||||
run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a major update of a dependency used only in development**"
|
||||
env:
|
||||
PR_URL: ${{github.event.pull_request.html_url}}
|
||||
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
||||
- name: Comment on major updates of non-development dependencies
|
||||
if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:production'}}
|
||||
run: |
|
||||
gh pr comment $PR_URL --body "I'm **not approving** this PR because **it includes a major update of a dependency used in production**"
|
||||
gh pr edit $PR_URL --add-label "requires-manual-qa"
|
||||
env:
|
||||
PR_URL: ${{github.event.pull_request.html_url}}
|
||||
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
||||
Loading…
Reference in a new issue