
Commit a6fc93e

authored
feat: enhance Dependabot workflow with improved permissions and auto-merge capabilities (#180)
1 parent 7d648da commit a6fc93e


1 file changed

+14
-12
lines changed

1 file changed

+14
-12
lines changed

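--- a/.github/workflows/dependabot-reviewer.yml
+++ b/.github/workflows/dependabot-reviewer.yml
@@ -46,32 +46,34 @@ jobs:
 needs: build
 runs-on: ubuntu-latest
 if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+
+permissions:
+id-token: write
+contents: write
+pull-requests: write
+
+env:
+PR_URL: ${{github.event.pull_request.html_url}}
+GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
 steps:
 - name: Dependabot metadata
 id: dependabot-metadata
 uses: dependabot/fetch-metadata@v2
+
 - name: Enable auto-merge for Dependabot PRs
 run: gh pr merge --auto --merge "$PR_URL"
-env:
-PR_URL: ${{github.event.pull_request.html_url}}
-GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
 - name: Approve patch and minor updates
 if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}}
 run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because it includes a ${{steps.dependabot-metadata.outputs.update-type}} update"
-env:
-PR_URL: ${{github.event.pull_request.html_url}}
-GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
 - name: Approve major updates of development dependencies
 if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:development'}}
 run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a major update of a dependency used only in development**"
-env:
-PR_URL: ${{github.event.pull_request.html_url}}
-GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
 - name: Comment on major updates of non-development dependencies
 if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:production'}}
 run: |
 gh pr comment $PR_URL --body "I'm **not approving** this PR because **it includes a major update of a dependency used in production**"
 gh pr edit $PR_URL --add-label "requires-manual-qa"
-env:
-PR_URL: ${{github.event.pull_request.html_url}}
-GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}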
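Review bot: The new `permissions` block grants `id-token: write`, yet no step visible in this hunk requests an OIDC token; the steps shown only run `gh pr merge`, `gh pr review`, `gh pr comment` and `gh pr edit`, so that line should be removed unless a step outside the hunk needs it, leaving `contents: write` and `pull-requests: write`. These scopes are job-wide, so the token that `dependabot/fetch-metadata@v2` receives carries them as well, and that action is referenced by a movable tag; pinning it to a full commit SHA would keep a retagged release from running with write access to the repository. A short comment above the block, for example `# contents/pull-requests: write are required for gh pr merge --auto and gh pr review`, would record why each scope is there. The job name and the workflow trigger lie outside the hunk, so whether this job runs on `pull_request` or `pull_request_target` could not be checked here.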
