Skip to content

[Snyk] Security upgrade next from 11.1.2 to 14.2.7 #193

[Snyk] Security upgrade next from 11.1.2 to 14.2.7

[Snyk] Security upgrade next from 11.1.2 to 14.2.7 #193

name: Auto Merge Dependency Updates
# **What it does**:
# - automerge-internal: Automatically merge dependabot's pull requests in the internal repository.
# - close-external: Automatically close dependabot's pull requests in the open-source repository.
# **Why we have it**:
# - automerge-internal: To keep our dependencies up-to-date, to avoid security issues.
# - close-external: To avoid duplicating updates against the internal repository.
# **Who does it impact**: It helps docs engineering focus on higher value work.
on:
pull_request_target:
paths:
- 'package*.json'
- 'Gemfile*'
- 'Dockerfile'
- '.github/workflows/**'
pull_request_review:
types:
- edited
- submitted
permissions:
contents: read
pull-requests: write
jobs:
automerge-internal:
if: >-
${{
github.repository == 'github/docs-internal' &&
github.event.pull_request.number &&
github.event.pull_request.base.ref == 'main' &&
github.event.pull_request.user.login == 'dependabot[bot]' &&
github.event.pull_request.state == 'open'
}}
runs-on: ubuntu-latest
steps:
- uses: tjenkinson/gh-action-auto-merge-dependency-updates@c47f6255e06f36e84201ee940466e731ffa6e885
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
allowed-actors: dependabot[bot]
close-external:
if: >-
${{
github.repository == 'github/docs' &&
github.event.pull_request.number &&
github.event.pull_request.base.ref == 'main' &&
github.event.pull_request.user.login == 'dependabot[bot]' &&
github.event.pull_request.state == 'open'
}}
runs-on: ubuntu-latest
steps:
- name: Close pull request
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_URL: ${{ github.event.pull_request.html_url }}
run: |
gh pr close "$PR_URL"
- name: Comment on the pull request
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_URL: ${{ github.event.pull_request.html_url }}
run: |
gh pr comment "$PR_URL" --body "This dependency update will be handled internally by our engineering team."
# Because we get far too much spam ;_;
- name: Lock conversations
uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
env:
PR_NUMBER: ${{ github.event.pull_request.number }}
with:
script: |
try {
await github.issues.lock({
...context.repo,
issue_number: parseInt(process.env.PR_NUMBER, 10),
lock_reason: 'resolved'
})
console.log('Locked the pull request to prevent spam!')
} catch (error) {
console.error(`Failed to lock the pull request. Error: ${error}`)
throw error
}