Bump actions/checkout from 3 to 4 #439
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Dependabot PR Approve and Merge | |
# Original: https://blog.somewhatabstract.com/2021/10/11/setting-up-dependabot-with-github-actions-to-approve-and-merge/?utm_source=pocket_mylist | |
# See also: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions#approve-a-pull-request | |
on: pull_request_target | |
permissions: | |
pull-requests: write | |
contents: write | |
jobs: | |
dependabot: | |
runs-on: ubuntu-latest | |
# Check the actor, only run for Dependabot PRs, prevent failing on non-Dependabot PRs. | |
if: ${{ github.actor == 'dependabot[bot]' }} | |
steps: | |
# This step will fail (without approval) if there's no metadata. | |
- name: Dependabot metadata | |
id: dependabot-metadata | |
uses: dependabot/fetch-metadata@v1.6.0 | |
with: | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
# Approve the PR. | |
- name: Approve a PR | |
run: gh pr review --approve "$PR_URL" | |
env: | |
PR_URL: ${{ github.event.pull_request.html_url }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# Allow auto-merging for patch and minor updates if all checks pass. | |
- name: Enable auto-merge for Dependabot PRs | |
if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }} | |
run: gh pr merge --auto --squash "$PR_URL" | |
env: | |
PR_URL: ${{ github.event.pull_request.html_url }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |