aws
diff --git a/‎.dependabot/config.yml‎
Lines changed: 0 additions & 19 deletions b/‎.dependabot/config.yml‎
Lines changed: 0 additions & 19 deletions
diff --git a/‎.github/dependabot.yml‎
Lines changed: 13 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎.github/workflows/auto-approve-dependabot.yml‎
Lines changed: 0 additions & 27 deletions b/‎.github/workflows/auto-approve-dependabot.yml‎
Lines changed: 0 additions & 27 deletions
diff --git a/‎.github/workflows/auto-approve-v2-merge-forward.yml‎
Lines changed: 0 additions & 26 deletions b/‎.github/workflows/auto-approve-v2-merge-forward.yml‎
Lines changed: 0 additions & 26 deletions
diff --git a/‎.github/workflows/auto-approve.yml‎
Lines changed: 15 additions & 0 deletions b/‎.github/workflows/auto-approve.yml‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎.github/workflows/issue-label-assign.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/issue-label-assign.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/v2-pull-request.yml‎
Lines changed: 34 additions & 0 deletions b/‎.github/workflows/v2-pull-request.yml‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎.github/workflows/yarn-upgrade.yml‎
Lines changed: 10 additions & 7 deletions b/‎.github/workflows/yarn-upgrade.yml‎
Lines changed: 10 additions & 7 deletions
@@ -0,0 +1,13 @@
+# Reference: https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates
+# NOTE: dependabot only takes care of updating non-npm deps
+# npm dependencies are updated through the "yarn-upgrade" github workflow.
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "pr/auto-approve"
+    open-pull-requests-limit: 5
@@ -0,0 +1,15 @@
+# Approve PRs with "pr/auto-approve". mergify takes care of the actual merge.
+
+name: auto-approve
+on: pull_request
+
+jobs:
+  auto-approve:
+    if: >
+       contains(github.event.pull_request.labels.*.name, 'pr/auto-approve') && 
+       contains(['aws-cdk-automation', 'dependabot[bot]', 'dependabot-preview[bot]'], github.event.pull_request.user.login)
+    runs-on: ubuntu-latest
+    steps:
+    - uses: hmarr/[email protected]
+      with:
+        github-token: "${{ secrets.GITHUB_TOKEN }}"
@@ -11,7 +11,7 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: Naturalclar/issue-action@f229cda
+      - uses: Naturalclar/issue-action@v2.0.2
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
           title-or-body: 'title'
@@ -90,7 +90,7 @@ jobs:
            {"keywords":["(@aws-cdk/aws-elasticloadbalancingv2-targets)","(aws-elasticloadbalancingv2-targets)","(elasticloadbalancingv2-targets)","(elasticloadbalancingv2 targets)","(elbv2 targets)"],"labels":["@aws-cdk/aws-elasticloadbalancingv2-targets"],"assignees":["njlynch"]},
            {"keywords":["(@aws-cdk/aws-elasticsearch)","(aws-elasticsearch)","(elasticsearch)","(elastic search)","(elastic-search)"],"labels":["@aws-cdk/aws-elasticsearch"],"assignees":["iliapolo"]},
            {"keywords":["(@aws-cdk/aws-emr)","(aws-emr)","(emr)"],"labels":["@aws-cdk/aws-emr"],"assignees":["iliapolo"]},
-           {"keywords":["(@aws-cdk/aws-events)","(aws-events)","(events)","(eventbridge)","event-bridge)"],"labels":["@aws-cdk/aws-events"],"assignees":["rix0rrr"]},
+           {"keywords":["(@aws-cdk/aws-events)","(aws-events)","(events)","(eventbridge)","(event-bridge)"],"labels":["@aws-cdk/aws-events"],"assignees":["rix0rrr"]},
            {"keywords":["(@aws-cdk/aws-events-targets)","(aws-events-targets)","(events-targets)","(events targets)"],"labels":["@aws-cdk/aws-events-targets"],"assignees":["rix0rrr"]},
            {"keywords":["(@aws-cdk/aws-eventschemas)","(aws-eventschemas)","(eventschemas)","(event schemas)"],"labels":["@aws-cdk/aws-eventschemas"],"assignees":["skinny85"]},
            {"keywords":["(@aws-cdk/aws-fms)","(aws-fms)","(fms)"],"labels":["@aws-cdk/aws-fms"],"assignees":["rix0rrr"]},
 
@@ -0,0 +1,34 @@
+# Automated actions for PRs against the v2-main branch
+name: v2
+on:
+  pull_request:
+    branches:
+      - v2-main
+    types:
+      - labeled
+      - opened
+      - ready_for_review
+      - reopened
+      - synchronize
+      - unlabeled
+      - unlocked
+
+jobs:
+  # Run yarn pkglint on merge forward PRs and commit the results
+  pkglint:
+    if: contains(github.event.pull_request.labels.*.name, 'pr/forward-merge')
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v2
+        with:
+          branch: ${{ github.event.pull_request.head.ref }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: lint
+        run: |-
+          yarn install --frozen-lockfile
+          yarn pkglint
+      - name: push
+        uses: stefanzweifel/git-auto-commit-action@v4
+        with:
+          commit_message: 'automatic pkglint fixes'
@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Set up Node
-        uses: actions/[email protected].0
+        uses: actions/[email protected].4
         with:
           node-version: 10
 
@@ -25,7 +25,7 @@ jobs:
         run: echo "::set-output name=dir::$(yarn cache dir)"
 
       - name: Restore Yarn cache
-        uses: actions/cache@v2
+        uses: actions/cache@v2.1.4
         with:
           path: ${{ steps.yarn-cache.outputs.dir }}
           key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
@@ -55,12 +55,15 @@ jobs:
           lerna exec --parallel ncu -- --upgrade --filter=@types/node,@types/fs-extra --target=minor
           lerna exec --parallel ncu -- --upgrade --filter=typescript --target=patch
           lerna exec --parallel ncu -- --upgrade --reject='@types/node,@types/fs-extra,constructs,typescript,aws-sdk,${{ steps.list-packages.outputs.list }}'  --target=minor
-      # This will create a brand new `yarn.lock` file (this is more efficient than `yarn install && yarn upgrade`)
-      - name: Run "yarn install --force"
-        run: yarn install --force
+      # This will ensure the current lockfile is up-to-date with the dependency specifications (necessary for "yarn update" to run)
+      - name: Run "yarn install"
+        run: yarn install
+
+      - name: Run "yarn upgrade"
+        run: yarn upgrade
 
       - name: Make Pull Request
-        uses: peter-evans/create-pull-request@v2
+        uses: peter-evans/create-pull-request@v3
         with:
           # Git commit details
           branch: automation/yarn-upgrade
@@ -71,7 +74,7 @@ jobs:
           title: 'chore: npm-check-updates && yarn upgrade'
           body: |-
             Ran npm-check-updates and yarn upgrade to keep the `yarn.lock` file up-to-date.
-          labels: contribution/core,dependencies
+          labels: contribution/core,dependencies,pr/auto-approve
           team-reviewers: aws-cdk-team
           # Privileged token so automated PR validation happens
           token: ${{ secrets.AUTOMATION_GITHUB_TOKEN }}