chore: automatically approve dependabot PRs (aws#6280)

Right now it falls to @NLG321 to approve all Dependabot PRs. When he gets around to it, it's likely that conflicts have been introduced into the `package.json` and `package-lock.json` files and the PR won't automatically merge anymore. Let's take the human out of the loop and use GitHub Actions to automatically approve Dependabot's PRs, and configure Mergify appropriately for Dependabot PRs.
Vboivin · Feb 19, 2020 · 08a7007 · 08a7007
1 parent a93e4d5
commit 08a7007
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 0 deletions.
diff --git a/.github/workflows/auto-approve-dependabot.yml b/.github/workflows/auto-approve-dependabot.yml
@@ -0,0 +1,27 @@
+# Automatically approve PRs made by Dependabot
+#
+# Written to look at the original author of the PR (instead of the current
+# actor) in order to be able to backresolve existing PRs using this action (by
+# mass labeling them). Leads to slightly unnecessary spammage of aprovals in a
+# PR...
+#
+# Only does approvals! A different GitHub Action takes care of merging.
+name: Auto-approve Dependabot
+on:
+  pull_request:
+    types:
+      - labeled
+      - opened
+      - ready_for_review
+      - reopened
+      - synchronize
+      - unlabeled
+      - unlocked
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: hmarr/auto-approve-action@7782c7e2bdf62b4d79bdcded8332808fd2f179cd
+      if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'dependabot-preview[bot]'
+      with:
+        github-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.mergify.yml b/.mergify.yml
@@ -90,3 +90,25 @@ pull_request_rules:
       - status-failure=Semantic Pull Request
       - -merged
       - -closed
+  - name: automatic merge of Dependabot PRs
+    actions:
+      comment:
+        message: Thanks Dependabot!
+      merge:
+        # 'strict: false' disables Mergify keeping the branch up-to-date from master.
+        # It's not necessary: Dependabot will do that itself.
+        # It's not dangerous: GitHub branch protection settings prevent merging stale branches.
+        strict: false
+        method: squash
+      delete_head_branch: {}
+    conditions:
+      - -title~=(WIP|wip)
+      - -label~=(blocked|do-not-merge)
+      - -merged
+      - -closed
+      - author~=dependabot
+      - "#approved-reviews-by>=1"
+      - "#changes-requested-reviews-by=0"
+      - status-success~=AWS CodeBuild us-east-1
+      - status-success=Semantic Pull Request
+      - status-success=mandatory-changes