Skip to content

fix: ensure only one dependabot-pr-auto-merge job is running #706

fix: ensure only one dependabot-pr-auto-merge job is running

fix: ensure only one dependabot-pr-auto-merge job is running #706

Workflow file for this run

# SPDX-FileCopyrightText: © Vegard IT GmbH (https://vegardit.com)
# SPDX-FileContributor: Sebastian Thomschke
# SPDX-License-Identifier: Apache-2.0
# SPDX-ArtifactOfProjectHomePage: https://github.com/vegardit/vegardit-maven-parent
#
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
name: Build
on:
push:
branches-ignore: # build all branches except:
- 'dependabot/**' # prevent GHA triggered twice (once for commit to the branch and once for opening/syncing the PR)
tags-ignore: # don't build tags
- '**'
paths-ignore:
- '**/*.adoc'
- '**/*.md'
- '.github/*.yml'
pull_request:
workflow_dispatch:
# https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/
inputs:
additional_maven_args:
description: 'Additional Maven Args'
required: false
default: ''
defaults:
run:
shell: bash
env:
JAVA_VERSION: 11
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Show environment variables
run: env | sort
- name: Git Checkout
uses: actions/checkout@v4 #https://github.com/actions/checkout
- name: Set up JDK ${{ env.JAVA_VERSION }}
uses: actions/setup-java@v3 #https://github.com/actions/setup-java
with:
distribution: temurin
java-version: ${{ env.JAVA_VERSION }}
# reusing CDS archives of the same JVM randomly fails in GitHub Actions with
# "An error has occurred while processing the shared archive file. shared class paths mismatch"
#- name: Calculate Java version checksum
# id: java-version-checksum
# run: |
# echo "md5sum=$(java -version 2>&1 | md5sum | cut -f1 -d" ")" >> $GITHUB_OUTPUT
#- name: Cache Java CDS archive
# uses: actions/cache@v3
# with:
# path: |
# ~/.xshare/${{ steps.java-version-checksum.outputs.md5sum }}
# key: ${{ runner.os }}-xshare-${{ steps.java-version-checksum.outputs.md5sum }}
- name: "Cache: Restore"
id: cache-restore
if: ${{ !env.ACT }} # https://github.com/nektos/act#skipping-steps
uses: actions/cache/restore@v3
with:
path: |
~/.m2/bin
~/.m2/repository
!~/.m2/repository/com/vegardit/maven
key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }}
- name: Test with Maven
id: maven-test
if: ${{ github.ref_name != 'main' || env.ACT }}
env:
GITHUB_USER: ${{ github.actor }}
GITHUB_API_KEY: ${{ github.token }}
MAY_CREATE_RELEASE: false
run: |
bash .ci/build.sh ${{ github.event.inputs.additional_maven_args }}
- name: Build with Maven
id: maven-build
if: ${{ github.ref_name == 'main' && !env.ACT }}
env:
DEPLOY_SNAPSHOTS_TO_GITHUB_BRANCH: true
GITHUB_USER: ${{ github.actor }}
GITHUB_API_KEY: ${{ secrets.GH_API_TOKEN }}
MAY_CREATE_RELEASE: true
SIGN_KEY: ${{ secrets.GPG_SIGN_KEY }}
SIGN_KEY_PASS: ${{ secrets.GPG_SIGN_KEY_PWD }}
SONATYPE_OSSRH_USER: ${{ secrets.SONATYPE_OSSRH_USER }}
SONATYPE_OSSRH_USER_TOKEN: ${{ secrets.SONATYPE_OSSRH_USER_TOKEN }}
run: |
set -eu
# https://github.community/t/github-actions-bot-email-address/17204
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
bash .ci/build.sh ${{ github.event.inputs.additional_maven_args }}
##################################################
# Cache Update
# See https://github.com/actions/cache/issues/342
##################################################
- name: "Cache: Delete Previous"
if: ${{ steps.cache-restore.outputs.cache-hit && !env.ACT }}
env:
GH_TOKEN: ${{ github.token }}
run: |
gh extension install actions/gh-actions-cache
gh actions-cache delete ${{ steps.cache-restore.outputs.cache-primary-key }} --confirm
- name: "Cache: Update"
uses: actions/cache/save@v3
if: ${{ always() && !cancelled() && !env.ACT }} # save cache even fails
with:
path: |
~/.m2/bin
~/.m2/repository
!~/.m2/repository/com/vegardit/maven
key: ${{ steps.cache-restore.outputs.cache-primary-key }}
dependabot-pr-auto-merge:
needs: build
if: ${{ github.event_name == 'pull_request' && github.actor == 'dependabot[bot]' }}
runs-on: ubuntu-latest
concurrency: dependabot-pr-auto-merge
permissions:
contents: write
pull-requests: write
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v1 # https://github.com/dependabot/fetch-metadata/
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Enable auto-merge for Dependabot PRs
if: |
${{
(
steps.dependabot-metadata.outputs.package-ecosystem == 'github-actions' &&
steps.metadata.outputs.update-type == 'version-update:semver-major'
) || (
steps.dependabot-metadata.outputs.package-ecosystem == 'maven' &&
steps.metadata.outputs.update-type == 'version-update:semver-minor'
)
}}
run: |
gh pr merge --auto --rebase "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}