From e4ab6075d56f0b6afd23755bb9a8c24fff4e2089 Mon Sep 17 00:00:00 2001
From: Cheyu Wu
Date: Mon, 5 May 2025 19:39:30 +0800
Subject: [PATCH 1/4] [Feature] Dependabot send out issue if package upgrade failure
---
 .github/workflows/dependabot-notifier.yaml | 102 +++++++++++++++++++++
 1 file changed, 102 insertions(+)
 create mode 100644 .github/workflows/dependabot-notifier.yaml
diff --git a/.github/workflows/dependabot-notifier.yaml b/.github/workflows/dependabot-notifier.yaml
new file mode 100644
index 00000000000..ea5ca699b8f
--- /dev/null
+++ b/.github/workflows/dependabot-notifier.yaml
@@ -0,0 +1,102 @@
+name: Dependabot Upgrade Monitor
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+jobs:
+ monitor-dependabot:
+ if: github.actor == 'dependabot[bot]'
+ runs-on: ubuntu-latest
+ steps:
+ - name: Wait for checks to complete
+ uses: WyriHaximus/github-action-wait-for-status@v1.8.0
+ with:
+ ignoreActions: monitor-dependabot
+ checkInterval: 60
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+ - name: Check if PR is failing
+ id: check
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const sha = context.payload.pull_request.head.sha;
+ const owner = context.repo.owner;
+ const repo = context.repo.repo;
+ const { data: checkRunsData } = await github.rest.checks.listForRef({
+ owner,
+ repo,
+ ref: sha,
+ });
+ const checkRuns = checkRunsData.check_runs;
+ if (checkRuns.length === 0) {
+ core.setFailed("No status checks found for this PR.");
+ return;
+ }
+ const failedChecks = checkRuns.filter(
+ check => check.status === 'completed' && check.conclusion !== 'success'
+ );
+ if (failedChecks.length > 0) {
+ console.log("Some checks failed:");
+ failedChecks.forEach(check => {
+ console.log(`- ${check.name}: ${check.conclusion}`);
+ });
+ core.setFailed("Some required checks did not pass.");
+ } else {
+ console.log("All checks passed.");
+ }
+ - name: Create issue on failure
+ if: failure() && github.event.action == 'opened'
+ uses: actions/github-script@v7
+ with:
+ script: |
+ await github.rest.issues.create({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ title: `Dependabot upgrade failed: #${context.issue.number} - ${context.payload.pull_request.title}`,
+ body: `
+ 🚨 **Dependabot Upgrade Failed**
+
+ The following Dependabot pull request could not be merged automatically due to failed or incomplete status checks:
+
+ - **PR:** [#${context.issue.number}](${context.payload.pull_request.html_url})
+ - **Status:** Not mergeable
+
+ Please review the PR and resolve any conflicts or CI issues to proceed with the upgrade.`,
+ labels: ["dependencies", "enhancement", "go"],
+ });
+
+ - name: Assign maintainers on success
+ if: success()
+ uses: actions/github-script@v7
+ with:
+ script: |
+ // Step 1: Get collaborators
+ const collaborators = await github.paginate(
+ github.rest.repos.listCollaborators,
+ {
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ affiliation: 'direct',
+ per_page: 100
+ }
+ );
+
+ // Step 2: Filter maintainers
+ const maintainers = collaborators
+ .filter(user => user.permissions.admin)
+ .map(user => user.login);
+
+ // Step 3: Assign to the PR
+ if (maintainers.length > 0) {
+ await github.rest.issues.addAssignees({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number,
+ assignees: maintainers,
+ });
+ } else {
+ console.warn("No maintainers found to assign.");
+ }
From f03d7f3631800a74169d8571a395412b08aa6938 Mon Sep 17 00:00:00 2001
From: Cheyu Wu
Date: Mon, 5 May 2025 19:52:36 +0800
Subject: [PATCH 2/4] fix: use pr owner to ensure the pr is opened by dependabot
---
 .github/workflows/dependabot-notifier.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/dependabot-notifier.yaml b/.github/workflows/dependabot-notifier.yaml
index ea5ca699b8f..c3c22b8f6d3 100644
--- a/.github/workflows/dependabot-notifier.yaml
+++ b/.github/workflows/dependabot-notifier.yaml
@@ -6,7 +6,7 @@ on: jobs: monitor-dependabot: - if: github.actor == 'dependabot[bot]' + if: github.event.pull_request.user.login == 'dependabot[bot]' runs-on: ubuntu-latest steps: - name: Wait for checks to complete
From 42d84194f418441e3b07c3ed8e9a2fbb42bbddac Mon Sep 17 00:00:00 2001
From: Cheyu Wu
Date: Tue, 6 May 2025 02:12:48 +0800
Subject: [PATCH 3/4] chore: add full maintainer list
---
 .github/workflows/dependabot-notifier.yaml | 34 +++++-----------------
 1 file changed, 7 insertions(+), 27 deletions(-)
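Review bot: The `Wait for checks to complete` step of the workflow added in PATCH 1/4 runs a third-party action by mutable tag, `WyriHaximus/github-action-wait-for-status@v1.8.0`, and passes it `GITHUB_TOKEN`. A tag can later be moved to different code, so pin the action to the full commit SHA the tag points to and keep the version as a trailing comment, for example `uses: WyriHaximus/github-action-wait-for-status@<full-commit-sha> # v1.8.0` (the SHA is a placeholder to be resolved from the release). Separately, in `Check if PR is failing` the filter `check.conclusion !== 'success'` also counts `skipped` and `neutral` runs as failures, and `checks.listForRef` is called without pagination, so only the first page of check runs is inspected. Consider `!['success', 'skipped', 'neutral'].includes(check.conclusion)` and wrapping the call in `github.paginate`.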
diff --git a/.github/workflows/dependabot-notifier.yaml b/.github/workflows/dependabot-notifier.yaml
index c3c22b8f6d3..30ffe972983 100644
--- a/.github/workflows/dependabot-notifier.yaml
+++ b/.github/workflows/dependabot-notifier.yaml
@@ -73,30 +73,10 @@ jobs: uses: actions/github-script@v7 with: script: | - // Step 1: Get collaborators - const collaborators = await github.paginate( - github.rest.repos.listCollaborators, - { - owner: context.repo.owner, - repo: context.repo.repo, - affiliation: 'direct', - per_page: 100 - } - ); - - // Step 2: Filter maintainers - const maintainers = collaborators - .filter(user => user.permissions.admin) - .map(user => user.login); - - // Step 3: Assign to the PR - if (maintainers.length > 0) { - await github.rest.issues.addAssignees({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - assignees: maintainers, - }); - } else { - console.warn("No maintainers found to assign."); - } + const maintainers = ["dentiny", "kevin85421", "MortalHappiness", "rueian"]; + await github.rest.issues.addAssignees({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + assignees: maintainers, + });
From b30ff5b2f5831d16d7e067ab956601e0428e6926 Mon Sep 17 00:00:00 2001
From: Cheyu Wu
Date: Tue, 6 May 2025 02:31:47 +0800
Subject: [PATCH 4/4] fix: add permission to write issue and pr
---
 .github/workflows/dependabot-notifier.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/dependabot-notifier.yaml b/.github/workflows/dependabot-notifier.yaml
index 30ffe972983..a4030a869bf 100644
--- a/.github/workflows/dependabot-notifier.yaml
+++ b/.github/workflows/dependabot-notifier.yaml
@@ -4,6 +4,10 @@ on: pull_request: types: [opened, synchronize] +permissions: + issues: write + pull-requests: write + jobs: monitor-dependabot: if: github.event.pull_request.user.login == 'dependabot[bot]'
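Review bot: The hard-coded `maintainers` array that PATCH 3/4 puts into the `Assign maintainers on success` step carries no comment saying where the four logins come from or who keeps them current, so it can drift from the real maintainer set without anyone noticing. Add a line above it such as `// Keep in sync with the project's maintainer list; update here when maintainers change.`, or read the list from a repository variable so a membership change does not need a workflow edit. The step's header lines sit above the hunk.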
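Review bot: The `permissions:` block added in PATCH 4/4 lists only write scopes, and declaring `permissions` sets every unlisted scope to `none`, while the earlier steps read check runs (`checks.listForRef`) and the wait step presumably polls commit statuses. List the read scopes those steps rely on explicitly, `checks: read` and `statuses: read`, rather than depending on what a public repository happens to allow. It would also be tighter to move the block under `monitor-dependabot:` so the write scopes apply to that job only. Please confirm `pull-requests: write` is needed at all, since the only write against the PR is `issues.addAssignees`, which `issues: write` may already cover.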