Dependabot auto-merge #11932
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Some of the automerge workflow is described at https://stackoverflow.com/a/68365564/6090676 | |
| name: Dependabot auto-merge | |
| on: | |
| workflow_run: | |
| workflows: ["Tests"] | |
| # completed does not mean success of Tests workflow. see below checking github.event.workflow_run.conclusion | |
| types: | |
| - completed | |
| # workflow_call is used to indicate that a workflow can be called by another workflow. When a workflow is triggered with the workflow_call event, the event payload in the called workflow is the same event payload from the calling workflow. For more information see, "Reusing workflows." | |
| # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request | |
| # maybe hook into this instead of workflow_run: | |
| # on: | |
| # pull_request: | |
| # pull_request_target: | |
| # types: [labeled] | |
| permissions: | |
| # for gh pr review | |
| pull-requests: write | |
| # for gh pr merge | |
| contents: write | |
| jobs: | |
| dependabot: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.actor == 'dependabot[bot]' && github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }} | |
| steps: | |
| - name: Development Code | |
| uses: actions/checkout@v6 | |
| ###### GET PR NUMBER | |
| # we saved the pr_number in tests.yml. fetch it so we can merge the correct PR. | |
| # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run | |
| # https://github.com/actions/github-script | |
| - name: "Download artifact" | |
| uses: actions/github-script@v8 | |
| with: | |
| script: | | |
| console.log("download artifact: started") | |
| console.log("download artifact: content.payload: ", context.payload) | |
| let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| run_id: context.payload.workflow_run.id, | |
| }); | |
| console.log("download artifact: got allArtifacts") | |
| console.log("download artifact: allArtifacts: ", allArtifacts) | |
| let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => { | |
| return artifact.name == "pr_number" | |
| })[0]; | |
| console.log("download artifact: got matchArtifact: ", matchArtifact) | |
| let download = await github.rest.actions.downloadArtifact({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| artifact_id: matchArtifact.id, | |
| archive_format: 'zip', | |
| }); | |
| let fs = require('fs'); | |
| fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_number.zip`, Buffer.from(download.data)); | |
| - name: "Unzip artifact" | |
| run: unzip pr_number.zip | |
| ########### | |
| - name: print pr number | |
| run: cat pr_number | |
| # the repo requires one approval. if a dependabot change passes tests, that is good enough. | |
| - name: approve pr | |
| run: gh pr review --approve "$(cat pr_number)" | |
| env: | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| # if the merge --auto flag were added, and if the repo allowed it at https://github.com/sartography/spiff-arena/settings, | |
| # it would set up the pr to auto merge when all requirements were met. but we just want to merge now. | |
| - name: set up pr to auto merge when all requirements are met | |
| run: gh pr merge --squash "$(cat pr_number)" | |
| env: | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} |