90 lines
3.7 KiB
YAML
90 lines
3.7 KiB
YAML
# see also https://stackoverflow.com/a/68365564/6090676
|
|
name: Dependabot auto-merge
|
|
on:
|
|
workflow_run:
|
|
workflows: ["Tests"]
|
|
# completed does not mean success of Tests workflow. see below checking github.event.workflow_run.conclusion
|
|
types:
|
|
- completed
|
|
|
|
# workflow_call is used to indicate that a workflow can be called by another workflow. When a workflow is triggered with the workflow_call event, the event payload in the called workflow is the same event payload from the calling workflow. For more information see, "Reusing workflows."
|
|
|
|
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
|
|
# maybe hook into this instead of workflow_run:
|
|
# on:
|
|
# pull_request:
|
|
# pull_request_target:
|
|
# types: [labeled]
|
|
|
|
permissions:
|
|
# for gh pr review
|
|
pull-requests: write
|
|
# for gh pr merge
|
|
contents: write
|
|
|
|
jobs:
|
|
# uncomment this to print the context for debugging in case a job is getting skipped
|
|
printJob:
|
|
name: Print event
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Dump GitHub context
|
|
env:
|
|
GITHUB_CONTEXT: ${{ toJson(github) }}
|
|
run: |
|
|
echo "$GITHUB_CONTEXT"
|
|
|
|
dependabot:
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.actor == 'dependabot[bot]' && github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }}
|
|
steps:
|
|
- name: Development Code
|
|
uses: actions/checkout@v4
|
|
|
|
###### GET PR NUMBER
|
|
# we saved the pr_number in tests.yml. fetch it so we can merge the correct PR.
|
|
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
|
|
# https://github.com/actions/github-script
|
|
- name: "Download artifact"
|
|
uses: actions/github-script@v7
|
|
with:
|
|
script: |
|
|
console.log("download artifact: started")
|
|
console.log("download artifact: content.payload: ", context.payload)
|
|
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
run_id: context.payload.workflow_run.id,
|
|
});
|
|
console.log("download artifact: got allArtifacts")
|
|
console.log("download artifact: allArtifacts: ", allArtifacts)
|
|
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
|
|
return artifact.name == "pr_number"
|
|
})[0];
|
|
console.log("download artifact: got matchArtifact: ", matchArtifact)
|
|
let download = await github.rest.actions.downloadArtifact({
|
|
owner: context.repo.owner,
|
|
repo: context.repo.repo,
|
|
artifact_id: matchArtifact.id,
|
|
archive_format: 'zip',
|
|
});
|
|
let fs = require('fs');
|
|
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_number.zip`, Buffer.from(download.data));
|
|
- name: "Unzip artifact"
|
|
run: unzip pr_number.zip
|
|
###########
|
|
|
|
- name: print pr number
|
|
run: cat pr_number
|
|
# the repo requires one approval. if a dependabot change passes tests, that is good enough.
|
|
- name: approve pr
|
|
run: gh pr review --approve "$(cat pr_number)"
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
|
# if the merge --auto flag were added, and if the repo allowed it at https://github.com/sartography/spiff-arena/settings,
|
|
# it would set up the pr to auto merge when all requirements were met. but we just want to merge now.
|
|
- name: set up pr to auto merge when all requirements are met
|
|
run: gh pr merge --squash "$(cat pr_number)"
|
|
env:
|
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|