ci(workflows): reimplement @dependabot auto approve and merge

Signed-off-by: Lexus Drumgold <[email protected]>
flex-development · Aug 16, 2022 · 173d1ae · 173d1ae
1 parent 5b057b2
commit 173d1ae
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 35 deletions.
diff --git a/.dictionary.txt b/.dictionary.txt
@@ -21,12 +21,14 @@ esbenp
 fbca
 fpnv
 gpgsign
+hmarr
 iife
 lcov
 lintstagedrc
 micnncim
 mkdist
 nocheck
+noreply
 npmjs
 npmrc
 nums

diff --git a/.github/dependabot-auto-merge.yml b/.github/dependabot-auto-merge.yml
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
diff --git a/.github/workflows/dependabot-auto.yml b/.github/workflows/dependabot-auto.yml
@@ -0,0 +1,74 @@
+# Dependabot Auto
+#
+# Automatically approve Dependabot pull requests and enable auto-merge.
+#
+# Note: @dependabot generates Yarn v1 lockfiles despite this project using a different Yarn version.
+# This breaks the project lockfile. A workaround has been implemented to autofix lockfiles and
+# deduplicate dependencies. See https://github.com/dependabot/dependabot-core/issues/1297 to check
+# if the workaround is safe to remove.
+#
+# References:
+#
+# - https://cli.github.com/manual/gh_pr_merge
+# - https://cli.github.com/manual/gh_pr_review
+# - https://docs.github.com/actions/using-workflows/events-that-trigger-workflows#pull_request
+# - https://docs.github.com/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
+# - https://github.com/actions/checkout
+# - https://github.com/actions/setup-node
+# - https://github.com/dependabot/fetch-metadata
+# - https://github.com/hmarr/debug-action
+
+---
+name: dependabot-auto
+on: pull_request
+permissions:
+  contents: write
+  pull-requests: write
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  YARN_ENABLE_IMMUTABLE_INSTALLS: false
+jobs:
+  dependabot-auto:
+    if: github.actor == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    steps:
+      - id: debug
+        name: Print environment variables and event payload
+        uses: hmarr/[email protected]
+      - id: metadata
+        name: Fetch metadata
+        uses: dependabot/[email protected]
+        with:
+          skip-commit-verification: true
+      - id: checkout
+        name: Checkout ${{ github.head_ref }}
+        uses: actions/[email protected]
+        with:
+          persist-credentials: ${{ steps.metadata.outputs.package-ecosystem == 'npm' }}
+          ref: ${{ github.head_ref }}
+      - id: lockfile-fix
+        name: Fix yarn.lock
+        if: steps.metadata.outputs.package-ecosystem == 'npm'
+        run: yarn --mode=update-lockfile
+      - id: dedupe
+        name: Deduplicate dependencies
+        if: steps.metadata.outputs.package-ecosystem == 'npm'
+        run: yarn dedupe --mode=update-lockfile
+      - id: lockfile-push
+        name: Push yarn.lock
+        if: steps.metadata.outputs.package-ecosystem == 'npm'
+        run: |
+          git config --global user.name '${{ github.actor }}'
+          git config --global user.email '49699333+${{ github.actor }}@users.noreply.github.com'
+          git add yarn.lock
+          git status
+          git diff-index --quiet HEAD || git commit -m 'chore(yarn): fix lockfile' && git push -f
+      - id: approve-pr
+        name: Approve pull request
+        run: gh pr review ${{ github.event.number }} --approve
+      - id: enable-auto-merge
+        name: Enable auto-merge
+        if: |
+          steps.metadata.outputs.package-ecosystem == 'github-actions' ||
+          steps.metadata.outputs.update-type != 'version-update:semver-major'
+        run: gh pr merge ${{ github.event.number }} --auto --squash
-Original file line number
+Diff line change
@@ Expand Up / @@ -21,12 +21,14 @@ esbenp @@
     fbca
     fpnv
     gpgsign
+    hmarr
     iife
     lcov
     lintstagedrc
     micnncim
     mkdist
     nocheck
+    noreply
     npmjs
     npmrc
     nums
@@ Expand Down @@