1 parent
b27bad3
commit 394bb33
Showing
2 changed files
with
6 additions
and
76 deletions.
This file was deleted.
|
@@ -12,71 +12,27 @@ jobs: | |
dependabot-reviewer: | ||
runs-on: ubuntu-latest | ||
|
||
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} | ||
if: ${{ github.event.pull_request.user.login == 'grafanabot' }} | ||
|
||
steps: | ||
- name: Checkout Repository | ||
uses: actions/checkout@v4 | ||
|
||
- name: Dependabot metadata | ||
id: metadata | ||
uses: dependabot/[email protected] | ||
with: | ||
github-token: "${{ secrets.GITHUB_TOKEN }}" | ||
|
||
- name: Check allowlist | ||
id: check-allowlist | ||
if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' | ||
run: | | ||
cfg_path=".github/workflows/allowlist.json" | ||
IFS=', ' read -r -a libsUpdated <<< "${{ steps.metadata.outputs.dependency-names }}" | ||
# Loop through the array to make sure all updated libraries are in the allowlist | ||
all_in_allowlist="true" | ||
reason_array=() | ||
# If any element is not in the allowlist, set the flag to false | ||
for lib in "${libsUpdated[@]}"; do | ||
exists=$(jq --arg lib "$lib" 'any(.[]; .name == $lib)' $cfg_path) | ||
if [[ "$exists" != "true" ]]; then | ||
all_in_allowlist="false" | ||
break | ||
else | ||
reason_array+=("$(jq -r --arg lib "$lib" '.[] | select(.name == $lib) | .reason' $cfg_path)") | ||
fi | ||
done | ||
if [[ "$all_in_allowlist" == "true" ]]; then | ||
reasons=$(IFS=','; echo "${reason_array[*]}") | ||
echo "reasons=$reasons" >> $GITHUB_OUTPUT | ||
echo "allInAllowlist=true" >> $GITHUB_OUTPUT | ||
else | ||
echo "allInAllowlist=false" >> $GITHUB_OUTPUT | ||
fi | ||
- name: Approve and auto-merge | ||
if: steps.check-allowlist.conclusion == 'success' && steps.check-allowlist.outputs.allInAllowlist == 'true' | ||
id: auto-merge | ||
if: contains(github.ref, 'helm-chart-weekly-') | ||
run: | | ||
gh pr merge --auto --squash "$PR_URL" | ||
gh pr review $PR_URL \ | ||
--approve -b "**I'm approving** this pull request because it includes a patch or minor \ | ||
update to dependencies that are already in the allowlist. | ||
The reason this library is in the allowlist is that ${{ steps.check-allowlist.outputs.reasons}}" | ||
--approve -b "**I'm approving** this pull request, since it is a helm release." | ||
env: | ||
PR_URL: ${{github.event.pull_request.html_url}} | ||
GITHUB_TOKEN: ${{secrets.GH_BOT_ACCESS_TOKEN}} | ||
|
||
- name: Manual review is required | ||
if: steps.check-allowlist.conclusion != 'success' || steps.check-allowlist.outputs.allInAllowlist == 'false' | ||
if: steps.auto-merge.conclusion != 'success' | ||
run: | | ||
gh pr comment $PR_URL --body "**This library is not auto-approved** | ||
Unfortunately, this library is a major version update or it is not included in our allowlist, which means it cannot be auto-approved. \ | ||
If you believe it should be considered for auto-approval, please open a pull request to add \ | ||
it to the allowlist configuration. | ||
To add this library to the allowlist, please modify the [allowlist.json](https://github.com/grafana/mimir/tree/main/.github/workflows/allowlist.json) file and \ | ||
include the necessary details for review." | ||
gh pr comment $PR_URL --body "**This PR from grafanabot requires manual review.**" | ||
env: | ||
PR_URL: ${{github.event.pull_request.html_url}} | ||
|
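Review bot: The new gate on the `Approve and auto-merge` step, `if: contains(github.ref, 'helm-chart-weekly-')`, is now the only condition besides the author login before a PR is approved and queued for merge with `GH_BOT_ACCESS_TOKEN`, and it looks both unreliable and too loose. The workflow trigger is outside this hunk, but on `pull_request` events `github.ref` is `refs/pull/<n>/merge` and on `pull_request_target` it is the base branch, so the head branch name would not appear in it; `github.head_ref` carries that name, and `contains` accepts the marker anywhere in the string. I would change the line to `if: startsWith(github.head_ref, 'helm-chart-weekly-')` and, since the allowlist check is removed, add a step that fails unless the changed files are limited to the paths a helm release is expected to touch. Separately, the `Manual review is required` step runs `gh pr comment` with only `PR_URL` in its `env`, so unless a token is set at job or workflow level (not visible here) the comment will fail; adding `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` to that step's `env` would cover it.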