Dependabot auto-approve #287
name: Dependabot auto-approve

# Three triggers feed this workflow:
#   - pull_request_target: PR activity targeting master,
#   - schedule: a periodic sweep,
#   - workflow_dispatch: a manual run.
# pull_request_target runs in the context of the base repository, so
# repository secrets are available to its jobs. No step in this workflow
# checks out or executes pull-request code; keep it that way while the
# DEPENDABOT_AUTO_MERGE secret is in use.
on:
  pull_request_target:
    branches:
      - master
  schedule:
    # Run every 30 minutes
    - cron: '*/30 * * * *'
  # Allows manual triggering of the workflow
  workflow_dispatch:

# Default GITHUB_TOKEN scopes for every job that does not override them.
# NOTE(review): the gh steps in both jobs authenticate with the
# DEPENDABOT_AUTO_MERGE secret rather than this token; only the
# dependabot/fetch-metadata step would fall back to it (presumably through
# its default token input; confirm). These write scopes look wider than
# what is used and could probably be narrowed.
permissions:
  pull-requests: write
  contents: write
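jobs:
  # Posts a "/gcbrun" comment on Dependabot pull requests so that the
  # comment-triggered test run is started for them.
  trigger-tests:
    runs-on: ubuntu-latest
    # Only run for pull_request_target events on PRs opened by Dependabot in
    # the upstream repository. Checking the author also keeps the run from
    # failing on non-Dependabot PRs.
    # NOTE(review): the check is on the PR author, not on who pushed the
    # latest commit. Confirm that branch protection limits who can push to
    # Dependabot branches, since every push leads to a /gcbrun comment.
    if: >-
      github.event_name == 'pull_request_target' &&
      github.event.pull_request.user.login == 'dependabot[bot]' &&
      github.repository == 'datacommonsorg/website'
    steps:
      - name: Dependabot metadata
        id: dependabot-metadata
        # NOTE(review): referenced by a mutable tag; pinning to a full commit
        # SHA would make the executed code immutable. No later step in this
        # file reads this step's outputs, so confirm it is still needed.
        uses: dependabot/fetch-metadata@v2
      - name: Post /gcbrun comment
        # The PR URL and token reach the script through environment variables
        # rather than being interpolated into the command line.
        env:
          GH_TOKEN: ${{ secrets.DEPENDABOT_AUTO_MERGE }}
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: gh pr comment "$PR_URL" --body "/gcbrun"

  # Periodic sweep: approves one Dependabot PR that has been open for at
  # least 7 days, enables auto-merge on it and asks Dependabot to rebase.
  approve-and-merge-7-days:
    runs-on: ubuntu-latest
    # Only run this on a schedule or manual dispatch
    if: >-
      (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') &&
      github.repository == 'datacommonsorg/website'
    # Least privilege: every gh call below authenticates with GH_TOKEN taken
    # from the DEPENDABOT_AUTO_MERGE secret and the job uses no actions, so
    # the job's GITHUB_TOKEN is never consumed. Drop the write scopes it
    # would otherwise inherit from the workflow-level permissions.
    permissions: {}
    steps:
      - name: Find and process Dependabot PRs older than 7 days
        env:
          GH_TOKEN: ${{ secrets.DEPENDABOT_AUTO_MERGE }}
        run: |
          # 1. Prevent Out-of-Date Cascade
          # Count Dependabot PRs that already have auto-merge enabled. If
          # there is one, exit and wait for it to finish so CI is not thrashed.
          ACTIVE_PRS=$(gh pr list \
            --repo "$GITHUB_REPOSITORY" \
            --author "app/dependabot" \
            --limit 100 \
            --json autoMergeRequest \
            -q '[.[] | select(.autoMergeRequest != null)] | length')
          if [ "$ACTIVE_PRS" -gt 0 ]; then
            echo "A Dependabot PR is currently being processed or tested. Waiting to prevent Out-of-Date Cascade."
            exit 0
          fi

          # 2. Fetch open dependabot PRs older than 7 days
          # Only the FIRST match is taken, so one PR is processed per run.
          # NOTE(review): age is measured from the PR's createdAt. If the 7
          # days are meant as a cool-down for newly published releases,
          # confirm that a PR cannot be updated in place to a newer version
          # without its creation date changing.
          PRS=$(gh pr list \
            --repo "$GITHUB_REPOSITORY" \
            --author "app/dependabot" \
            --limit 100 \
            --json url,createdAt \
            -q '[.[] | select(((now - (.createdAt | fromdateiso8601)) / 86400) >= 7)] | .[0].url')
          # An empty result or a literal "null" both mean nothing is eligible.
          if [ -z "$PRS" ] || [ "$PRS" == "null" ]; then
            echo "No eligible dependabot PRs older than 7 days found."
            exit 0
          fi
          PR_URL="$PRS"
          echo "Processing $PR_URL..."

          # Approve the PR (ignore if already approved)
          # NOTE(review): the PR is selected by author and age only; the
          # commits on its branch and the kind of update are not inspected
          # before it is approved with the secret's identity. Required status
          # checks and branch protection are the remaining gate; confirm
          # they are enforced on master.
          gh pr review --approve "$PR_URL" || true

          # Enable auto-merge for the PR
          # NOTE(review): "|| true" also hides a failure to enable auto-merge;
          # the rebase request below is still posted and the run stays green.
          # Consider at least logging the failure so it is visible.
          gh pr merge --auto --squash "$PR_URL" || true

          # 3. Prevent Double-Triggering
          # Trigger a rebase asynchronously. When Dependabot finishes the rebase,
          # its force-push will natively trigger the pull_request_target event.
          # The trigger-tests job handles the /gcbrun test initiation automatically.
          gh pr comment "$PR_URL" --body "@dependabot rebase"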