From 2d8d301da60f34f511a14f0d6afb529161c35578 Mon Sep 17 00:00:00 2001 From: toms74209200 Date: Sat, 24 Feb 2024 23:44:58 +0900 Subject: [PATCH] Add dependabot for GitHub Actions dependencies --- .github/dependabot.yml | 12 ++++++++++ .github/workflows/test-dependabot.yml | 32 +++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/test-dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..3ce616e --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for more information: +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates +# https://containers.dev/guide/dependabot + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/workflows/test-dependabot.yml b/.github/workflows/test-dependabot.yml new file mode 100644 index 0000000..7ed6c86 --- /dev/null +++ b/.github/workflows/test-dependabot.yml @@ -0,0 +1,32 @@ +name: Check dependabot update + +on: + pull_request: + branches: + - main + paths: + - .github/workflows/*.yml + +permissions: + contents: write + pull-requests: write + +jobs: + test-feature: + uses: ./.github/workflows/test-feature.yml + dependabot-auto-approve: + needs: + - test-feature + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Dependabot metadata + id: dependabot-metadata + uses: dependabot/fetch-metadata@v1.6.0 + with: + github-token: '${{ secrets.GITHUB_TOKEN }}' + - name: Enable auto-merge for Dependabot PRs + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file