From 98c329e6b14a23ef23d9684b8044c887b1b49182 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Wed, 22 Oct 2025 13:48:51 +0200 Subject: [PATCH] ROX-31317: disable mintmaker auto-approvals for release branches (#2609) --- .github/renovate.json5 | 37 +++++++++++++++++++----------- .github/workflows/auto-approve.yml | 4 ++-- 2 files changed, 25 insertions(+), 16 deletions(-) diff --git a/.github/renovate.json5 b/.github/renovate.json5 index f4123b3de4..64174e037a 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -72,18 +72,27 @@ "dockerfile", "rpm-lockfile", ], - "packageRules": [{ - "matchPackageNames": ["/.*/"], - "groupName": "All updates", - "automerge": true, - // A known issue is that some non-Konflux CI jobs in currently fail, which may prevent successful auto-merging with a "branch" auto-merge setting. - // Therefore, we use PR merge type and have automation approve PRs. - "automergeType": "pr", - "automergeStrategy": "squash", - // Tell Renovate that it can automerge branches at any time of the day. - "automergeSchedule": [ - "at any time" - ], - }], - "labels": ["auto-approve", "build-builder-image","rebuild-test-container"], + "packageRules": [ + { + "matchPackageNames": [ + "*", + ], + "groupName": "All updates", + "automerge": true, + // A known issue is that some non-Konflux CI jobs currently fail, which may prevent successful auto-merging with a "branch" auto-merge setting. + // Therefore, we use PR merge type and have automation approve PRs. + "automergeType": "pr", + "automergeStrategy": "squash", + // Tell Renovate that it can automerge branches at any time of the day. + "automergeSchedule": [ + "at any time", + ], + } + ], + "labels": [ + // Add auto-approve label which triggers the corresponding workflow. + "auto-approve", + "build-builder-image", + "rebuild-test-container", + ], } diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml index fbf3e23325..5277bbace8 100644 --- a/.github/workflows/auto-approve.yml +++ b/.github/workflows/auto-approve.yml @@ -7,9 +7,9 @@ on: jobs: auto-approve: - name: Auto-approve Konflux updates + name: Auto-approve Konflux updates for default branch runs-on: ubuntu-latest - if: github.actor == 'red-hat-konflux[bot]' && github.event.label.name == 'auto-approve' + if: github.actor == 'red-hat-konflux[bot]' && github.event.label.name == 'auto-approve' && github.event.pull_request.base.ref == github.event.pull_request.base.repo.default_branch steps: - env: GH_TOKEN: ${{ secrets.RHACS_BOT_GITHUB_TOKEN }}