Store the registered credential in the test server. #152
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Auto-approve and merge Dependabot PRs | |
| # Mirrors hofmann-elimination's auto-dependabot workflow: when Dependabot opens a PR, fetch | |
| # its metadata, approve the PR, and enable auto-merge so it lands as soon as CI is green. | |
| # | |
| # Requires two repository settings to be enabled (cannot be configured from a workflow): | |
| # 1. Settings → General → "Allow auto-merge" | |
| # 2. Settings → Actions → General → Workflow permissions → "Allow GitHub Actions to create | |
| # and approve pull requests" | |
| # Without those, this workflow will run but the approve / auto-merge calls fail. | |
| on: pull_request | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| dependabot: | |
| runs-on: ubuntu-latest | |
| if: github.event.pull_request.user.login == 'dependabot[bot]' | |
| steps: | |
| - name: Dependabot metadata | |
| id: metadata | |
| uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3 | |
| with: | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| # Only auto-merge low-risk bumps. Major version bumps — and any GitHub Actions | |
| # update (a privileged supply-chain surface) — require human review, because a | |
| # green CI run does not establish that a newly published dependency is trustworthy. | |
| - name: Enable auto-merge | |
| if: | | |
| (steps.metadata.outputs.update-type == 'version-update:semver-patch' || | |
| steps.metadata.outputs.update-type == 'version-update:semver-minor') && | |
| steps.metadata.outputs.package-ecosystem != 'github-actions' | |
| run: gh pr merge --auto --squash --delete-branch "$PR_URL" | |
| env: | |
| PR_URL: ${{ github.event.pull_request.html_url }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Approve PR | |
| if: | | |
| (steps.metadata.outputs.update-type == 'version-update:semver-patch' || | |
| steps.metadata.outputs.update-type == 'version-update:semver-minor') && | |
| steps.metadata.outputs.package-ecosystem != 'github-actions' | |
| run: gh pr review --approve "$PR_URL" | |
| env: | |
| PR_URL: ${{ github.event.pull_request.html_url }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |