From 0f12ee7e223423efef1fd20004bfe348d7c59baf Mon Sep 17 00:00:00 2001 From: James McKinney <26463+jpmckinney@users.noreply.github.com> Date: Thu, 21 Mar 2024 17:12:14 -0400 Subject: [PATCH] ci: Add automerge workflow --- .github/workflows/automerge.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/workflows/automerge.yml diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml new file mode 100644 index 00000000..b3e3bc41 --- /dev/null +++ b/.github/workflows/automerge.yml @@ -0,0 +1,25 @@ +# The pull_request_target workflow trigger is dangerous. Do not add unrelated logic to this workflow. +# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ +# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target +name: Auto-merge +on: pull_request_target +permissions: + pull-requests: write # to approve the PR + contents: write # to merge the PR +jobs: + dependabot: + if: ${{ github.actor == 'dependabot[bot]' }} + runs-on: ubuntu-latest + steps: + - id: dependabot-metadata + uses: dependabot/fetch-metadata@v1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + - if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: gh pr review --approve ${{ github.event.pull_request.html_url }} + - if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: gh pr merge --auto --squash ${{ github.event.pull_request.html_url }}