github-action-merge-dependabot/action.yml at main · fastify/github-action-merge-dependabot · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
name: 'Github Action Merge Dependabot'
description: 'Automatically approve and merge dependabot PRs'

inputs:
  github-token:
    description: 'A GitHub token'
    required: false
    default: ${{ github.token }}
  exclude:
    description: 'Packages that you want to manually review before upgrading'
    required: false
  approve-only:
    description: 'If true, the PR is only approved but not merged'
    required: false
    default: false
  merge-method:
    description: 'The merge method you would like to use (squash, merge, rebase)'
    required: false
    default: 'squash'
  merge-comment:
    description: "An arbitrary message that you'd like to comment on the PR after it gets auto-merged"
    required: false
    default: ''
  use-github-auto-merge:
    description: 'If true, the PR is only marked as auto-merge enabled'
    required: false
    default: false
  target:
    description: 'Auto-merge on updates based on Semantic Versioning'
    required: false
    default: 'any'
  target-development:
    description: 'Auto-merge on updates based on Semantic Versioning for development dependencies'
    required: false
  target-production:
    description: 'Auto-merge on updates based on Semantic Versioning for production dependencies'
    required: false
  target-indirect:
    description: 'Auto-merge on updates based on Semantic Versioning for indirect updates'
    required: false
  pr-number:
    description: 'A pull request number, only required if triggered from a workflow_dispatch event'
    required: false
  skip-commit-verification:
    description: 'If true, then the action will not expect the commits to have a verification signature. It is required to set this to true in GitHub Enterprise Server'
    required: false
    default: false
  skip-verification:
    type: boolean
    description: 'If true, the action will not validate the user or the commit verification status'
    default: false

outputs:
  merge_status:
    description: 'Merge status'
    value: ${{ steps.approver.outputs.merge_status }}

runs:
  using: 'composite'
  steps:
    - name: Fetch metadata
      id: dependabot-metadata
      uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0
      if: github.event_name == 'pull_request' && (github.actor == 'dependabot[bot]' || inputs.skip-verification == 'true')
      with:
        skip-commit-verification: ${{ inputs.skip-commit-verification }}
        skip-verification: ${{ inputs.skip-verification }}
    - name: Merge/approve PR
      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
      id: approver
      env:
        ACTION_PATH: ${{ github.action_path }}
        UPDATE_TYPE: ${{ steps.dependabot-metadata.outputs.update-type }}
        DEPENDENCY_TYPE: ${{ steps.dependabot-metadata.outputs.dependency-type }}
        DEPENDENCY_NAMES: ${{ steps.dependabot-metadata.outputs.dependency-names }}
      with:
        github-token: ${{ inputs.github-token }}
        script: |
          const { ACTION_PATH, UPDATE_TYPE, DEPENDENCY_TYPE, DEPENDENCY_NAMES } = process.env
          const script = require(ACTION_PATH + '/dist/index.js')
          await script({
            github,
            context,
            inputs: ${{ toJSON(inputs) }},
            dependabotMetadata: {
              updateType:  UPDATE_TYPE,
              dependencyType: DEPENDENCY_TYPE,
              dependencyNames: DEPENDENCY_NAMES,
            }
          })

branding:
  icon: 'git-pull-request'
  color: 'gray-dark'