Skip to content

Dependabot auto-merge #5

Dependabot auto-merge

Dependabot auto-merge #5

# see also https://stackoverflow.com/a/68365564/6090676
name: Dependabot auto-merge
on:
workflow_run:
workflows: ["Tests"]
# completed does not mean success of Tests workflow. see below checking github.event.workflow_run.conclusion
types:
- completed
# workflow_call is used to indicate that a workflow can be called by another workflow. When a workflow is triggered with the workflow_call event, the event payload in the called workflow is the same event payload from the calling workflow. For more information see, "Reusing workflows."
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
# maybe hook into this instead of workflow_run:
# on:
# pull_request:
# pull_request_target:
# types: [labeled]
permissions:
# for gh pr review
pull-requests: write
# for gh pr merge
contents: write
jobs:
# uncomment this to print the context for debugging in case a job is getting skipped
printJob:
name: Print event
runs-on: ubuntu-latest
steps:
- name: Dump GitHub context
env:
GITHUB_CONTEXT: ${{ toJson(github) }}
run: |
echo "$GITHUB_CONTEXT"
dependabot:
runs-on: ubuntu-latest
if: ${{ github.actor == 'dependabot[bot]' && github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }}
steps:
- name: Development Code
uses: actions/checkout@v4
###### GET PR NUMBER
# we saved the pr_number in tests.yml. fetch it so we can merge the correct PR.
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_run
# https://github.com/actions/github-script
- name: "Download artifact"
uses: actions/github-script@v7
with:
script: |
console.log("download artifact: started")
console.log("download artifact: content.payload: ", context.payload)
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
console.log("download artifact: got allArtifacts")
console.log("download artifact: allArtifacts: ", allArtifacts)
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
return artifact.name == "pr_number"
})[0];
console.log("download artifact: got matchArtifact: ", matchArtifact)
let download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
let fs = require('fs');
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_number.zip`, Buffer.from(download.data));
- name: "Unzip artifact"
run: unzip pr_number.zip
###########
- name: print pr number
run: cat pr_number
# the repo requires one approval. if a dependabot change passes tests, that is good enough.
- name: approve pr
run: gh pr review --approve "$(cat pr_number)"
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
# if the merge --auto flag were added, and if the repo allowed it at https://github.com/sartography/spiff-arena/settings,
# it would set up the pr to auto merge when all requirements were met. but we just want to merge now.
- name: set up pr to auto merge when all requirements are met
run: gh pr merge --squash "$(cat pr_number)"
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}