diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
index 7c31bfb..b56bf4a 100644
--- a/.github/workflows/auto-approve.yml
+++ b/.github/workflows/auto-approve.yml
@@ -1,6 +1,6 @@
 name: auto-approve
 on:
- pull_request:
+ pull_request_target:
 types:
 - opened
 - labeled
@@ -16,17 +16,17 @@ jobs:
 if: contains(github.event.pull_request.labels.*.name, 'auto-approve') && github.event.pull_request.draft == false
 steps:
 - name: Checkout PR
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+ uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 with:
 ref: ${{ github.event.pull_request.head.ref }}
 repository: ${{ github.event.pull_request.head.repo.full_name }}
 - name: Auto-approve PRs by other users as team-tf-cdk
- if: github.event.pull_request.user.login != 'team-tf-cdk' && github.actor != 'dependabot[bot]'
+ if: github.event.pull_request.user.login != 'team-tf-cdk' && (contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.pull_request.author_association) || github.actor == 'dependabot[bot]')
 env:
 GH_TOKEN: ${{ secrets.TEAM_TF_CDK }}
 run: gh pr review ${{ github.event.pull_request.number }} --approve
- - name: Auto-approve PRs by team-tf-cdk or Dependabot as github-actions[bot]
- if: github.event.pull_request.user.login == 'team-tf-cdk' || github.actor == 'dependabot[bot]'
+ - name: Auto-approve PRs by team-tf-cdk as github-actions[bot]
+ if: github.event.pull_request.user.login == 'team-tf-cdk'
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: gh pr review ${{ github.event.pull_request.number }} --approve
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
index a31c1ab..7091bee 100644
--- a/.github/workflows/automerge.yml
+++ b/.github/workflows/automerge.yml
@@ -1,6 +1,6 @@
 name: automerge
 on:
- pull_request:
+ pull_request_target:
 types:
 - opened
 - labeled
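Review bot: The `Checkout PR` step in the second auto-approve.yml hunk still checks out `github.event.pull_request.head.ref` from `head.repo.full_name`, and with the trigger now `pull_request_target` that puts fork-controlled content into a workspace where `secrets.TEAM_TF_CDK` is available. Neither approval step in the hunk runs anything from the workspace, so the checkout looks unnecessary; consider removing it and naming the repository for `gh` explicitly with `GH_REPO: ${{ github.repository }}` in each step's `env`. If the checkout has to stay, add `persist-credentials: false` under `with:` and a comment such as `# untrusted PR head: never build, install or execute anything from this workspace`. The job's `permissions` block lies outside the hunk, so the scope of the default token in this job could not be checked from here.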
@@ -13,18 +13,12 @@ jobs:
 runs-on: ubuntu-latest
 permissions:
 contents: read
- pull-requests: write
 if: contains(github.event.pull_request.labels.*.name, 'automerge') && github.event.pull_request.draft == false
 steps:
 - name: Checkout
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- - name: Turn on automerge for this PR by Dependabot
- if: github.actor == 'dependabot[bot]'
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: gh pr merge --auto --squash ${{ github.event.pull_request.number }}
- - name: Turn on automerge for this PR by users other than Dependabot
- if: github.actor != 'dependabot[bot]'
+ uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+ - name: Turn on automerge for this PR by trusted users
+ if: contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.pull_request.author_association) || github.actor == 'dependabot[bot]'
 env:
 GH_TOKEN: ${{ secrets.TEAM_TF_CDK }}
 run: gh pr merge --auto --squash ${{ github.event.pull_request.number }}
diff --git a/.github/workflows/upgrade-node.yml b/.github/workflows/upgrade-node.yml
index 59265eb..c459d2e 100644
--- a/.github/workflows/upgrade-node.yml
+++ b/.github/workflows/upgrade-node.yml
@@ -35,7 +35,7 @@ jobs:
 if: env.CURRENT_NODEJS_VERSION_SHORT != env.NEW_NODEJS_VERSION_SHORT
 run: |-
 npm pkg set engines.node=">= $NEW_NODEJS_VERSION"
- yarn add -D @types/node@^$NEW_NODEJS_VERSION_SHORT
+ yarn add -W -D @types/node@^$NEW_NODEJS_VERSION_SHORT
 # If there are other steps you need to take in your project to update Node.js everywhere, add those here
 - name: Get values for pull request
 id: latest_version
diff --git a/package.json b/package.json
index b10687b..02b5afa 100644
--- a/package.json
+++ b/package.json
@@ -22,7 +22,7 @@
 "destroy:frontend": "yarn workspace frontend run destroy"
 },
 "engines": {
- "node": ">= 10.12"
+ "node": ">= 10.12"
 },
 "dependencies": {
 "@cdktf/provider-aws": "^17.0.11",
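Review bot: `github.actor == 'dependabot[bot]'` in the new `if:` of `Turn on automerge for this PR by trusted users` tests who triggered the run rather than who authored the pull request, and this workflow also fires on `labeled`, where the two can differ. Because the step now runs with `secrets.TEAM_TF_CDK` under `pull_request_target`, the Dependabot arm should be tied to the author instead: `github.event.pull_request.user.login == 'dependabot[bot]'`. The same `github.actor` test is in the `Auto-approve PRs by other users as team-tf-cdk` condition in auto-approve.yml and would take the same change. A one-line comment above the condition, e.g. `# trust is decided by PR author, never by the triggering actor`, would keep later edits from reintroducing it.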
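Review bot: `$NEW_NODEJS_VERSION_SHORT` is expanded unquoted in the changed `yarn add` line of upgrade-node.yml, unlike the quoted `npm pkg set` line directly above it. The variable is set in a step outside this hunk; if it is derived from fetched release data, quoting keeps an unexpected value from being word-split into extra `yarn` arguments: `yarn add -W -D "@types/node@^$NEW_NODEJS_VERSION_SHORT"`.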