-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
🎨 Using github app for auto merge (#194)
- Loading branch information
Showing
2 changed files
with
39 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -3,6 +3,11 @@ name: Dependabot Auto-Merge | |
|
|
||
| on: | ||
| workflow_call: | ||
| secrets: | ||
| app_id: | ||
| required: false | ||
| private_key: | ||
| required: false | ||
|
|
||
| jobs: | ||
| dependabot: | ||
|
|
@@ -11,12 +16,23 @@ jobs: | |
| runs-on: ubuntu-22.04 | ||
| if: github.actor == 'dependabot[bot]' | ||
|
|
||
| env: | ||
| USING_APP_CREDENTIALS: ${{ secrets.app_id != '' && secrets.private_key != '' }} | ||
|
|
||
| steps: | ||
| - name: Get App Token | ||
| if: ${{ env.USING_APP_CREDENTIALS == 'true' }} | ||
| uses: tibdex/[email protected] | ||
| id: get_token | ||
| with: | ||
| app_id: ${{ secrets.app_id }} | ||
| private_key: ${{ secrets.private_key }} | ||
|
|
||
| - name: Load dependabot metadata | ||
| id: metadata | ||
| uses: dependabot/fetch-metadata@v1 | ||
| with: | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| github-token: ${{ env.USING_APP_CREDENTIALS == 'true' && steps.get_token.outputs.token || secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Enable auto-merge for Dependabot PRs | ||
| if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' | ||
|
|
@@ -25,4 +41,4 @@ jobs: | |
| gh pr merge --auto --merge "$PR_URL" | ||
| env: | ||
| PR_URL: ${{ github.event.pull_request.html_url }} | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| GITHUB_TOKEN: ${{ env.USING_APP_CREDENTIALS == 'true' && steps.get_token.outputs.token || secrets.GITHUB_TOKEN }} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -28,7 +28,9 @@ In this section you can find examples of how to use template workflows. For more | |
| <details> | ||
| <summary>The action can be used to auto-merge a dependabot PR with minor and patch updates.</summary> | ||
| The action is called by creating a PR. Dependabot must have ownership of the corresponding dependency files in order to be able to merge the PRs. | ||
| The action is called by creating a PR. It is necessary that the repository is enabled for auto-merge. | ||
| There are two possibilities to enable the action. | ||
| First, you can use the general GitHub token but the actions does not run on the default branch. | ||
| ```yml | ||
| name: Enable Dependabot Auto-Merge | ||
|
|
@@ -43,6 +45,24 @@ jobs: | |
| dependabot: | ||
| uses: Staffbase/gha-workflows/.github/workflows/[email protected] | ||
| ``` | ||
| Or you can use a specific GitHub app id and private key to generate a new token which can be used for the action. | ||
| ```yml | ||
| name: Enable Dependabot Auto-Merge | ||
|
|
||
| on: pull_request | ||
|
|
||
| jobs: | ||
| dependabot: | ||
| uses: Staffbase/gha-workflows/.github/workflows/[email protected] | ||
| secrets: | ||
| # optional: identifier of the GitHub App for authentication | ||
| app_id: ${{ <your-app-id> }} | ||
| # optional: private key of the GitHub App | ||
| private_key: ${{ <your-private-key> }} | ||
| ``` | ||
| </details> | ||
| ### AutoDev | ||
|
|
||