generated from SAP/repository-template
-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
refactor: CRON Job for Auto Merging Dependabot PRs (#215)
* refactor: use cron job for auto merging dependabot PRs * debug: add log statement * fix: auto merge comparison * fix: jq comparison * chore: remove pr push trigger
- Loading branch information
1 parent
2d27662
commit 8cb09c8
Showing
2 changed files
with
78 additions
and
31 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,41 +1,73 @@ | ||
name: dependabot merger | ||
|
||
on: | ||
pull_request: | ||
branches: [ main ] | ||
workflow_dispatch: | ||
schedule: | ||
- cron: '17 09 * * *' # trigger daily at 09:17 a.m., as dependabot will create new PRs daily at 6:00 a.m. | ||
|
||
env: | ||
DEPENDABOT_GROUPS: | | ||
production-minor-patch group | ||
plugins group | ||
test group | ||
github-actions group | ||
jobs: | ||
review-pr: | ||
review-prs: | ||
runs-on: ubuntu-latest | ||
if: ${{ github.actor == 'dependabot[bot]' && | ||
github.event_name == 'pull_request' }} | ||
permissions: | ||
pull-requests: write | ||
contents: write | ||
steps: | ||
- name: dependabot metadata | ||
id: metadata | ||
uses: dependabot/[email protected] | ||
with: | ||
github-token: '${{ secrets.GITHUB_TOKEN }}' | ||
- name: setup git | ||
run: | | ||
git config --global user.email "[email protected]" | ||
git config --global user.name "SAP Cloud SDK" | ||
- name: comment major updates | ||
if : ${{ steps.metadata.outputs.update-type == 'version-update:semver-major' }} | ||
run: | | ||
gh pr comment $PR_URL --body "PR **not approved** because it includes a major update of a dependency" | ||
gh pr edit $PR_URL --add-label "please review" | ||
env: | ||
PR_URL: ${{ github.event.pull_request.html_url }} | ||
GH_TOKEN: ${{ secrets.CLOUD_SDK_AT_SAP_ALL_ACCESS_PAT }} | ||
- name: approve and merge | ||
if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-patch' || | ||
steps.metadata.outputs.update-type == 'version-update:semver-minor' }} | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
|
||
- name: Approve and Merge PRs | ||
run: | | ||
gh pr review --approve "$PR_URL" | ||
gh pr merge --auto --squash "$PR_URL" | ||
PRS=$(gh pr list --app "dependabot" --state "open" --json number,title,autoMergeRequest,reviewDecision,mergeable,mergeStateStatus) | ||
PR_NUMBERS= | ||
while IFS= read -r GROUP; do | ||
if [[ -z "$GROUP" ]]; then | ||
continue | ||
fi | ||
MATCHES=$(jq -r --arg group "$GROUP" '.[] | select(.title | contains($group)) | .number' <<< "$PRS") | ||
echo "[DEBUG] Found PRs for group '$GROUP': '$MATCHES'" | ||
PR_NUMBERS="$MATCHES"$'\n'"$PR_NUMBERS" | ||
done <<< "${{ env.DEPENDABOT_GROUPS }}" | ||
echo "[DEBUG] Approving and Merging following PRs: '$PR_NUMBERS'" | ||
while IFS= read -r PR_NUMBER; do | ||
if [[ -z "$PR_NUMBER" ]]; then | ||
continue | ||
fi | ||
echo "[DEBUG] Approving and Merging PR #$PR_NUMBER" | ||
# check if PR is already approved | ||
REVIEW_DECISION=$(jq -r --arg pr "$PR_NUMBER" '.[] | select(.number == ($pr | tonumber)) | .reviewDecision' <<< "$PRS") | ||
if [[ "$REVIEW_DECISION" == "APPROVED" ]]; then | ||
echo "[DEBUG] PR #$PR_NUMBER is already approved, skipping" | ||
else | ||
echo "[DEBUG] PR #$PR_NUMBER is not approved yet, approving" | ||
gh pr review "$PR_NUMBER" --approve | ||
fi | ||
# check if PR is already auto-mergeable | ||
AUTO_MERGE_REQUEST=$(jq -r --arg pr "$PR_NUMBER" '.[] | select(.number == ($pr | tonumber)) | .autoMergeRequest' <<< "$PRS") | ||
if [[ -n "$AUTO_MERGE_REQUEST" ]]; then | ||
echo "[DEBUG] PR #$PR_NUMBER is already auto-mergeable, skipping" | ||
else | ||
echo "[DEBUG] PR #$PR_NUMBER is not auto-mergeable yet, enabling auto-merge" | ||
gh pr merge "$PR_NUMBER" --auto --squash | ||
fi | ||
# check if PR is behind, so we can instruct dependabot to rebase | ||
MERGE_STATE_STATUS=$(jq -r --arg pr "$PR_NUMBER" '.[] | select(.number == ($pr | tonumber)) | .mergeStateStatus' <<< "$PRS") | ||
if [[ "$MERGE_STATE_STATUS" == "BEHIND" ]]; then | ||
echo "[DEBUG] PR #$PR_NUMBER is behind, instructing dependabot to rebase" | ||
gh pr comment "$PR_NUMBER" --body "@dependabot rebase" | ||
fi | ||
done <<< "$PR_NUMBERS" | ||
env: | ||
PR_URL: ${{ github.event.pull_request.html_url }} | ||
GH_TOKEN: ${{ secrets.CLOUD_SDK_AT_SAP_ALL_ACCESS_PAT }} |