From 08a7007e48bc68bd854ec2b765bfbdf7ddabd5a2 Mon Sep 17 00:00:00 2001
From: Rico Huijbers <rix0rrr@gmail.com>
Date: Wed, 19 Feb 2020 10:50:52 +0100
Subject: [PATCH] chore: automatically approve dependabot PRs (#6280)

Right now it falls to @NLG321 to approve all Dependabot PRs. When he
gets around to it, it's likely that conflicts have been introduced into
the `package.json` and `package-lock.json` files and the PR won't
automatically merge anymore.

Let's take the human out of the loop and use GitHub Actions to
automatically approve Dependabot's PRs, and configure Mergify
appropriately for Dependabot PRs.
---
 .github/workflows/auto-approve-dependabot.yml | 27 +++++++++++++++++++
 .mergify.yml                                  | 22 +++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 .github/workflows/auto-approve-dependabot.yml

diff --git a/.github/workflows/auto-approve-dependabot.yml b/.github/workflows/auto-approve-dependabot.yml
new file mode 100644
index 0000000000000..5eb14a05c1890
--- /dev/null
+++ b/.github/workflows/auto-approve-dependabot.yml
@@ -0,0 +1,27 @@
+# Automatically approve PRs made by Dependabot
+#
+# Written to look at the original author of the PR (instead of the current
+# actor) in order to be able to backresolve existing PRs using this action (by
+# mass labeling them). Leads to slightly unnecessary spammage of aprovals in a
+# PR...
+#
+# Only does approvals! A different GitHub Action takes care of merging.
+name: Auto-approve Dependabot
+on:
+  pull_request:
+    types:
+      - labeled
+      - opened
+      - ready_for_review
+      - reopened
+      - synchronize
+      - unlabeled
+      - unlocked
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: hmarr/auto-approve-action@7782c7e2bdf62b4d79bdcded8332808fd2f179cd
+      if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'dependabot-preview[bot]'
+      with:
+        github-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.mergify.yml b/.mergify.yml
index 93d8dd08d7bea..c3c903c5d5f65 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -90,3 +90,25 @@ pull_request_rules:
       - status-failure=Semantic Pull Request
       - -merged
       - -closed
+  - name: automatic merge of Dependabot PRs
+    actions:
+      comment:
+        message: Thanks Dependabot!
+      merge:
+        # 'strict: false' disables Mergify keeping the branch up-to-date from master.
+        # It's not necessary: Dependabot will do that itself.
+        # It's not dangerous: GitHub branch protection settings prevent merging stale branches.
+        strict: false
+        method: squash
+      delete_head_branch: {}
+    conditions:
+      - -title~=(WIP|wip)
+      - -label~=(blocked|do-not-merge)
+      - -merged
+      - -closed
+      - author~=dependabot
+      - "#approved-reviews-by>=1"
+      - "#changes-requested-reviews-by=0"
+      - status-success~=AWS CodeBuild us-east-1
+      - status-success=Semantic Pull Request
+      - status-success=mandatory-changes