[Snyk] Security upgrade next from 11.1.2 to 14.2.7 #192

Workflow file for this run

.github/workflows/automerge-dependencies.yml at b39dabd

	name: Auto Merge Dependency Updates

	# What it does:
	# - automerge-internal: Automatically merge dependabot's pull requests in the internal repository.
	# - close-external: Automatically close dependabot's pull requests in the open-source repository.
	# Why we have it:
	# - automerge-internal: To keep our dependencies up-to-date, to avoid security issues.
	# - close-external: To avoid duplicating updates against the internal repository.
	# Who does it impact: It helps docs engineering focus on higher value work.

	on:
	pull_request_target:
	paths:
	- 'package*.json'
	- 'Gemfile*'
	- 'Dockerfile'
	- '.github/workflows/**'
	pull_request_review:
	types:
	- edited
	- submitted

	permissions:
	contents: read
	pull-requests: write

	jobs:
	automerge-internal:
	if: >-
	${{
	github.repository == 'github/docs-internal' &&
	github.event.pull_request.number &&
	github.event.pull_request.base.ref == 'main' &&
	github.event.pull_request.user.login == 'dependabot[bot]' &&
	github.event.pull_request.state == 'open'
	}}
	runs-on: ubuntu-latest
	steps:
	- uses: tjenkinson/gh-action-auto-merge-dependency-updates@c47f6255e06f36e84201ee940466e731ffa6e885
	with:
	repo-token: ${{ secrets.GITHUB_TOKEN }}
	allowed-actors: dependabot[bot]

	close-external:
	if: >-
	${{
	github.repository == 'github/docs' &&
	github.event.pull_request.number &&
	github.event.pull_request.base.ref == 'main' &&
	github.event.pull_request.user.login == 'dependabot[bot]' &&
	github.event.pull_request.state == 'open'
	}}
	runs-on: ubuntu-latest
	steps:
	- name: Close pull request
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	PR_URL: ${{ github.event.pull_request.html_url }}
	run: \|
	gh pr close "$PR_URL"

	- name: Comment on the pull request
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	PR_URL: ${{ github.event.pull_request.html_url }}
	run: \|
	gh pr comment "$PR_URL" --body "This dependency update will be handled internally by our engineering team."

	# Because we get far too much spam ;_;
	- name: Lock conversations
	uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
	env:
	PR_NUMBER: ${{ github.event.pull_request.number }}
	with:
	script: \|
	try {
	await github.issues.lock({
	...context.repo,
	issue_number: parseInt(process.env.PR_NUMBER, 10),
	lock_reason: 'resolved'
	})
	console.log('Locked the pull request to prevent spam!')
	} catch (error) {
	console.error(`Failed to lock the pull request. Error: ${error}`)
	throw error
	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade next from 11.1.2 to 14.2.7 #192

Workflow file

[Snyk] Security upgrade next from 11.1.2 to 14.2.7 #192

Jobs

Run details

Workflow file for this run