Skip to content

Bump ossf/scorecard-action from 2.2.0 to 2.3.0 #15

Bump ossf/scorecard-action from 2.2.0 to 2.3.0

Bump ossf/scorecard-action from 2.2.0 to 2.3.0 #15

Workflow file for this run

name: Dependabot auto-approve-and-merge
on: pull_request
permissions:
pull-requests: write
contents: write
jobs:
dependabot:
runs-on: ubuntu-latest
if: ${{ github.actor == 'dependabot[bot]' }}
steps:
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
with:
persist-credentials: false
fetch-depth: 0
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@c9c4182bf1b97f5224aee3906fd373f6b61b4526 # v1.6.0
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
# Check that no unexpected files are touched by dependabot PRs
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@db153baf731265ad02cd490b07f470e2d55e3345 # v39.2.1
with:
# Look for all changed files
files: '**'
# But ignore ones we expect to see:
files_ignore: '**/go.{sum,mod}'
- name: Run step if any permitted file(s) change
if: ${{ steps.changed-files.outputs.any_changed == 'false' && ( steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch') }}
run: gh pr review --approve "$PR_URL" && gh pr merge --auto --merge "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}