File: automerge.yml

package info (click to toggle)
nsscache 0.49-5
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 19,664 kB
  • sloc: python: 8,661; xml: 584; sh: 304; makefile: 19
file content (59 lines) | stat: -rw-r--r-- 2,214 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 
# We "trust" dependabot updates once they pass tests.
# (this still requires all other checks to pass!)

# This doesn't work on forked repos per the discussion in
# https://github.com/pascalgn/automerge-action/issues/46 so don't attempt to
# add people other than dependabot to the if field below.
name: dependabot-auto-merge
on:
  pull_request_target:
    types:
      # Dependabot will label the PR
      - labeled
      # Dependabot has rebased the PR
      - synchronize

jobs:
  enable-automerge:
    if: github.event.pull_request.user.login == 'dependabot[bot]' && contains(github.event.pull_request.labels.*.name, 'dependencies')
    runs-on: ubuntu-latest
    permissions:
      # enable-automerge is a graphql query, not REST, so isn't documented,
      # except in a mention in
      # https://github.blog/changelog/2021-02-04-pull-request-auto-merge-is-now-generally-available/
      # which says "can only be enabled by users with permissino to merge"; the
      # REST documentation says you need contents: write to perform a merge.
      # https://github.community/t/what-permission-does-a-github-action-need-to-call-graphql-enablepullrequestautomerge/197708
      # says this is it
      contents: write
    steps:
      # Enable auto-merge *before* issuing an approval.
      - uses: alexwilson/enable-github-automerge-action@main
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"

  wait-on-checks:
    needs: enable-automerge
    runs-on: ubuntu-latest
    permissions:
      # wait-on-check requires only checks read
      checks: read
    steps:
      - uses: lewagon/wait-on-check-action@v1.3.1
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          check-regexp: "test.*"
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          wait-interval: 60

  approve:
    needs: wait-on-checks
    runs-on: ubuntu-latest
    permissions:
      # https://github.com/hmarr/auto-approve-action/issues/183 says
      # auto-approve-action requires write on pull-requests
      pull-requests: write
    steps:
      - uses: hmarr/auto-approve-action@44888193675f29a83e04faf4002fa8c0b537b1e4
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"