2022-03-24 18:19:39 +00:00
# Auto-merge Dependabot PRs that upgrade patch or minor versions if CI passes
# Copied from https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
# Also see https://github.com/dependabot/fetch-metadata
name : Dependabot auto-merge
2022-04-25 18:49:02 +00:00
on :
pull_request :
branches : main
workflow_dispatch :
2022-03-24 18:19:39 +00:00
permissions :
pull-requests : write
contents : write
jobs :
dependabot :
runs-on : ubuntu-latest
if : github.actor == 'dependabot[bot]'
2022-04-25 18:49:02 +00:00
env :
PR_URL : ${{github.event.pull_request.html_url}}
GITHUB_TOKEN : ${{secrets.GITHUB_TOKEN}}
2022-03-24 18:19:39 +00:00
steps :
- name : Dependabot metadata
id : metadata
uses : dependabot/fetch-metadata@v1.1.1
with :
github-token : "${{ secrets.GITHUB_TOKEN }}"
- name : Enable auto-merge for Dependabot PRs
if : >
! contains(steps.metadata.outputs.dependency-names, 'tlslite-ng') &&
steps.metadata.outputs.update-type != 'version-update:semver-major'
run : gh pr merge --auto --rebase "$PR_URL"
2022-04-25 18:49:02 +00:00
- name : "Warn that we won't auto-merge major version updates"
if : steps.metadata.outputs.update-type == 'version-update:semver-major'
run : gh pr comment "$PR_URL" -b "Looks like a major version upgrade! Skipping auto-merge."