dependabot-auto-merge #16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: dependabot-auto-merge | |
| # Auto-merge Dependabot pull requests once the `build` workflow (compile + tests) | |
| # has completed successfully for them. | |
| # | |
| # This is triggered by the COMPLETION of the build workflow rather than by the PR | |
| # itself, so a merge only ever happens after build + test pass. `workflow_run` | |
| # also runs in the base-repo context with a normal GITHUB_TOKEN (Dependabot PR | |
| # runs are otherwise read-only), which is what lets it merge. | |
| on: | |
| workflow_run: | |
| workflows: ["build"] | |
| types: | |
| - completed | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| auto-merge: | |
| runs-on: ubuntu-latest | |
| # Only for a successful build of a same-repo Dependabot pull request. | |
| if: > | |
| github.event.workflow_run.event == 'pull_request' && | |
| github.event.workflow_run.conclusion == 'success' && | |
| github.event.workflow_run.actor.login == 'dependabot[bot]' && | |
| github.event.workflow_run.head_repository.full_name == github.repository | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GH_REPO: ${{ github.repository }} | |
| HEAD_BRANCH: ${{ github.event.workflow_run.head_branch }} | |
| steps: | |
| - name: Merge the Dependabot PR | |
| run: | | |
| pr=$(gh pr list --head "$HEAD_BRANCH" --state open \ | |
| --json number --jq '.[0].number') | |
| if [ -z "$pr" ]; then | |
| echo "No open PR for branch $HEAD_BRANCH; nothing to merge." | |
| exit 0 | |
| fi | |
| echo "Build succeeded for Dependabot PR #$pr ($HEAD_BRANCH); merging." | |
| gh pr merge "$pr" --squash --delete-branch |