Dependabot auto-merge #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# see also https://stackoverflow.com/a/68365564/6090676 | |
name: Dependabot auto-merge | |
on: | |
workflow_run: | |
workflows: ["Tests"] | |
# completed does not mean success of Tests workflow. see below checking github.event.workflow_run.conclusion | |
types: | |
- completed | |
# workflow_call is used to indicate that a workflow can be called by another workflow. When a workflow is triggered with the workflow_call event, the event payload in the called workflow is the same event payload from the calling workflow. For more information see, "Reusing workflows." | |
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request | |
# maybe hook into this instead of workflow_run: | |
# on: | |
# pull_request: | |
# pull_request_target: | |
# types: [labeled] | |
permissions: | |
# for gh pr review | |
pull-requests: write | |
# for gh pr merge | |
contents: write | |
jobs: | |
# uncomment this to print the context for debugging in case a job is getting skipped | |
printJob: | |
name: Print event | |
runs-on: ubuntu-latest | |
steps: | |
- name: Dump GitHub context | |
env: | |
GITHUB_CONTEXT: ${{ toJson(github) }} | |
run: | | |
echo "$GITHUB_CONTEXT" | |
dependabot: | |
runs-on: ubuntu-latest | |
if: ${{ github.actor == 'dependabot[bot]' && github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }} | |
steps: | |
- name: Development Code | |
uses: actions/checkout@v4 | |
###### GET PR NUMBER | |
# we saved the pr_number in tests.yml. fetch it so we can merge the correct PR. | |
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run | |
# https://github.com/actions/github-script | |
- name: "Download artifact" | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
console.log("download artifact: started") | |
console.log("download artifact: content.payload: ", context.payload) | |
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
run_id: context.payload.workflow_run.id, | |
}); | |
console.log("download artifact: got allArtifacts") | |
console.log("download artifact: allArtifacts: ", allArtifacts) | |
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => { | |
return artifact.name == "pr_number" | |
})[0]; | |
console.log("download artifact: got matchArtifact: ", matchArtifact) | |
let download = await github.rest.actions.downloadArtifact({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
artifact_id: matchArtifact.id, | |
archive_format: 'zip', | |
}); | |
let fs = require('fs'); | |
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_number.zip`, Buffer.from(download.data)); | |
- name: "Unzip artifact" | |
run: unzip pr_number.zip | |
########### | |
- name: print pr number | |
run: cat pr_number | |
# the repo requires one approval. if a dependabot change passes tests, that is good enough. | |
- name: approve pr | |
run: gh pr review --approve "$(cat pr_number)" | |
env: | |
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
# if the merge --auto flag were added, and if the repo allowed it at https://github.com/sartography/spiff-arena/settings, | |
# it would set up the pr to auto merge when all requirements were met. but we just want to merge now. | |
- name: set up pr to auto merge when all requirements are met | |
run: gh pr merge --squash "$(cat pr_number)" | |
env: | |
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} |