[TASK] Auto-merge dependabot PRs
andreaskienast committed Apr 5, 2023
1 parent 1b7c44d commit af43c10
Showing 3 changed files with 114 additions and 9 deletions.
24 changes: 24 additions & 0 deletions .github/dependabot.yml
@@ -8,3 +8,27 @@ updates:
commit-message:
prefix: "[DEP]"
prefix-development: "[DEP-DEV]"

- package-ecosystem: "composer"
directory: "/"
schedule:
interval: "daily"
registries:
- composer
commit-message:
prefix: "[DEP]"
prefix-development: "[DEP-DEV]"

- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
commit-message:
prefix: "[DEP]"

registries:
composer:
type: composer-repository
url: https://repo.packagist.com/typo3gmbh/
username: token
password: ${{secrets.PACKAGIST_AUTH_TOKEN}}
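Review bot: The `password: ${{secrets.PACKAGIST_AUTH_TOKEN}}` reference in the new `registries:` block is resolved from Dependabot secrets, which are stored separately from Actions secrets, and nothing in the file says so. A comment above the entry such as `# PACKAGIST_AUTH_TOKEN must exist as a Dependabot secret; use a read-only token` would spare the next maintainer a failed update run after a token rotation. The `updates:` list begins above this hunk, so whether the earlier entry also needs this registry cannot be judged from here.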
55 changes: 46 additions & 9 deletions .github/workflows/ci.yml
@@ -7,6 +7,20 @@ on:
- develop
pull_request:

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

permissions:
actions: read
checks: write
contents: read
id-token: write
packages: read
pull-requests: write
repository-projects: read
statuses: write

jobs:
build-php:
name: Build ${{ matrix.php }} / ${{ matrix.symfony }}
@@ -26,31 +40,33 @@ jobs:
- symfony: '^5.4'
deprecations: ''
steps:

- name: Checkout
uses: actions/checkout@v3

- uses: ouzi-dev/commit-status-updater@v2
name: GithubActions - ${GITHUB_WORKFLOW} - ${job.name}

- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: ${{ matrix.php }}
extensions: mbstring, xml, ctype, iconv
coverage: none

- name: Get Composer Cache Directory
- name: Setup Composer cache
id: composer-cache
run: |
echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
- name: Cache composer dependencies
- name: Recover Composer caches
uses: actions/cache@v3
with:
path: ${{ steps.composer-cache.outputs.dir }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock', '**/composer.json') }}
restore-keys: |
${{ runner.os }}-composer-
- name: Install
- name: Install dependencies (Composer)
run: |
sed -ri 's/"symfony\/dependency-injection": "(.+)"/"symfony\/dependency-injection": "'${{ matrix.symfony }}'"/' composer.json;
sed -ri 's/"symfony\/form": "(.+)"/"symfony\/form": "'${{ matrix.symfony }}'"/' composer.json;
@@ -78,25 +94,40 @@ jobs:
git status
git status | grep -q "nothing to commit, working tree clean"
- uses: ouzi-dev/commit-status-updater@v2
name: GithubActions - ${GITHUB_WORKFLOW} - ${job.name}
if: always()
with:
status: "${{ job.status }}"

build-frontend:
name: Build Frontend
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3

- name: NPM Cache
- uses: ouzi-dev/commit-status-updater@v2
name: GithubActions - ${GITHUB_WORKFLOW} - ${job.name}

- name: Setup npm cache
id: npm-cache-dir
shell: bash
run: |
echo "dir=$(npm config get cache)" >> ${GITHUB_OUTPUT}
- name: Recover npm caches
uses: actions/cache@v3
with:
path: ~/.npm
path: ${{ steps.npm-cache-dir.outputs.dir }}
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: NPM Install
- name: Install dependencies (npm)
run: npm ci

- name: NPM Build
- name: Build frontend artifacts
run: npm run build

- name: Stylelint
@@ -106,3 +137,9 @@ jobs:
run: |
git status
git status | grep -q "nothing to commit, working tree clean"
- uses: ouzi-dev/commit-status-updater@v2
name: GithubActions - ${GITHUB_WORKFLOW} - ${job.name}
if: always()
with:
status: "${{ job.status }}"
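Review bot: The new workflow-level `permissions:` block in the first hunk grants `id-token: write`, `checks: write` and `pull-requests: write` to every job, yet no step visible in this section requests an OIDC token or writes checks; the only apparent consumer of a write scope is `ouzi-dev/commit-status-updater@v2`, which presumably needs `statuses: write`. Dropping the unused scopes, or declaring `permissions:` per job with only `contents: read` and `statuses: write`, would limit what a compromised step or dependency install script can do with the token on a `pull_request` run. That third-party action is referenced by the mutable tag `@v2` and runs with the write token in both jobs, so pinning it to a full commit SHA is worth doing in the same change. The step name `GithubActions - ${GITHUB_WORKFLOW} - ${job.name}` is likely rendered literally, because step names are not shell-expanded and `${job.name}` is not `${{ }}` expression syntax. Parts of both jobs lie outside the hunks shown, so a consumer of the other scopes may exist there.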
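--- a/.github/workflows/dependabot-auto-merge.yaml
+++ b/.github/workflows/dependabot-auto-merge.yaml
@@ -0,0 +1,44 @@
+name: Dependabot auto-merge
+on: pull_request
+
+permissions:
+contents: write
+pull-requests: write
+
+jobs:
+dependabot:
+runs-on: ubuntu-latest
+if: ${{ github.actor == 'dependabot[bot]' }}
+steps:
+- name: Dependabot metadata
+id: dependabot-metadata
+uses: dependabot/fetch-metadata@v1.3.1
+
+- name: Enable auto-merge for Dependabot PRs
+run: gh pr merge --auto --squash "$PR_URL"
+env:
+PR_URL: ${{github.event.pull_request.html_url}}
+GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+- name: Approve patch and minor updates
+if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}}
+run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**"
+env:
+PR_URL: ${{github.event.pull_request.html_url}}
+GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+- name: Approve major updates of development dependencies
+if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:development'}}
+run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a major update of a dependency used only in development**"
+env:
+PR_URL: ${{github.event.pull_request.html_url}}
+GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+- name: Comment on major updates of non-development dependencies
+if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:production'}}
+run: |
+gh pr comment $PR_URL --body "I'm **not approving** this PR because **it includes a major update of a dependency used in production**"
+gh pr edit $PR_URL --add-label "requires-manual-qa"
+env:
+PR_URL: ${{github.event.pull_request.html_url}}
+GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}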
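Review bot: The `Enable auto-merge for Dependabot PRs` step has no `if:` condition, so `gh pr merge --auto --squash` is armed for every Dependabot PR, including the major production updates that the last step only comments on and labels `requires-manual-qa`; whether those stay unmerged then depends entirely on branch protection requiring an approving review, which this page does not show. Gate that step with the same update-type conditions the two approve steps use, or move it after them under a matching `if:`. The job-level guard `if: ${{ github.actor == 'dependabot[bot]' }}` tests who triggered the run rather than who opened the pull request; for a job holding `contents: write` and `pull-requests: write`, `if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}` ties it to the PR author. `dependabot/fetch-metadata@v1.3.1` is referenced by tag, and pinning it to a full commit SHA would keep the code that runs with these permissions fixed.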
