Dependabot and mergify configuration for Gh actions (#965)

allegro · Nov 24, 2022 · 88731e0 · 88731e0
1 parent bd2e3c6
commit 88731e0
Show file tree

Hide file tree

Showing 6 changed files with 51 additions and 2 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,17 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+#
+#  Prototype for node ecosystem, needs to be configured
+#
+#  - package-ecosystem: "npm"
+#    directory: "/"
+#    schedule:
+#      interval: "daily"
+#    allow:
+#      # allow only production updates
+#      - dependency-name: "*"
+#        dependency-type: "production"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -65,3 +65,9 @@ jobs:
     needs: required-checks
     uses: ./.github/workflows/reports.yml
     secrets: inherit
+
+  all-checks:
+    needs: [required-checks, deploy, reports]
+    runs-on: ubuntu-latest
+    steps:
+      - run: exit 0
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -12,7 +12,6 @@ jobs:
     if: github.repository == 'allegro/turnilo'
 
     env:
-      IMAGE_NAME: eu.gcr.io/${{ secrets.GCP_PROJECT_ID }}/turnilo
       TAG_NAME: ${{ github.head_ref || 'latest' }}
 
     steps:
@@ -24,6 +23,9 @@ jobs:
         with:
           credentials_json: ${{ secrets.GCP_SA_KEY }}
 
+      - name: Set Docker image name
+        run: echo "IMAGE_NAME=eu.gcr.io/$GCP_PROJECT/turnilo" >> $GITHUB_ENV
+
       - name: Configure Docker
         run: gcloud auth configure-docker --quiet
 

diff --git a/.github/workflows/undeploy.yml b/.github/workflows/undeploy.yml
@@ -13,7 +13,6 @@ jobs:
     if: github.repository == 'allegro/turnilo'
 
     env:
-      IMAGE_NAME: eu.gcr.io/${{ secrets.GCP_PROJECT_ID }}/turnilo
       TAG_NAME: ${{ github.head_ref }}
 
     steps:
@@ -25,6 +24,9 @@ jobs:
         with:
           credentials_json: ${{ secrets.GCP_SA_KEY }}
 
+      - name: Set Docker image name
+        run: echo "IMAGE_NAME=eu.gcr.io/$GCP_PROJECT/turnilo" >> $GITHUB_ENV
+
       - name: Undeploy app
         run: |
           gcloud run services delete turnilo-${TAG_NAME//[^a-z0-9]/-} \

diff --git a/.mergify.yml b/.mergify.yml
@@ -0,0 +1,19 @@
+pull_request_rules:
+  - name: automatic merge for GitHub actions
+    conditions:
+      - author=dependabot[bot]
+      - check-success=all-checks # check all actions
+      - label=github-actions # label assigned by dependabot
+      - base=master
+    actions:
+      merge:
+        method: rebase
+  - name: automatic merge for Node dependencies
+    conditions:
+      - author=dependabot[bot]
+      - check-success=required-checks # check required actions only
+      - label=npm # label assigned by dependabot
+      - base=master
+    actions:
+      merge:
+        method: rebase
diff --git a/.npmrc b/.npmrc
@@ -1 +1,4 @@
+; dependencies saved to package.json will be configured with an exact version rather than using npm's default semver range operator
 save-exact=true
+; stop 'npm install' from sending an audit report
+audit = false