-
Notifications
You must be signed in to change notification settings - Fork 35
/
action.yml
88 lines (84 loc) · 3.1 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
name: 'Github Action Merge Dependabot'
description: 'Automatically approve and merge dependabot PRs'
inputs:
github-token:
description: 'A GitHub token'
required: false
default: ${{ github.token }}
exclude:
description: 'Packages that you want to manually review before upgrading'
required: false
approve-only:
description: 'If true, the PR is only approved but not merged'
required: false
default: false
merge-method:
description: 'The merge method you would like to use (squash, merge, rebase)'
required: false
default: 'squash'
merge-comment:
description: "An arbitrary message that you'd like to comment on the PR after it gets auto-merged"
required: false
default: ''
use-github-auto-merge:
description: 'If true, the PR is only marked as auto-merge enabled'
required: false
default: false
target:
description: 'Auto-merge on updates based on Semantic Versioning'
required: false
default: 'any'
target-development:
description: 'Auto-merge on updates based on Semantic Versioning for development dependencies'
required: false
target-production:
description: 'Auto-merge on updates based on Semantic Versioning for production dependencies'
required: false
target-indirect:
description: 'Auto-merge on updates based on Semantic Versioning for indirect updates'
required: false
pr-number:
description: 'A pull request number, only required if triggered from a workflow_dispatch event'
required: false
skip-commit-verification:
description: 'If true, then the action will not expect the commits to have a verification signature. It is required to set this to true in GitHub Enterprise Server'
required: false
default: false
skip-verification:
type: boolean
description: 'If true, the action will not validate the user or the commit verification status'
default: false
outputs:
merge_status:
description: 'Merge status'
value: ${{ steps.approver.outputs.merge_status }}
runs:
using: 'composite'
steps:
- name: Fetch metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v2
if: github.event_name == 'pull_request' && (github.actor == 'dependabot[bot]' || inputs.skip-verification == 'true')
with:
skip-commit-verification: ${{ inputs.skip-commit-verification }}
skip-verification: ${{ inputs.skip-verification }}
- name: Merge/approve PR
uses: actions/github-script@v7
id: approver
with:
github-token: ${{ inputs.github-token }}
script: |
const script = require('${{ github.action_path }}/dist/index.js')
await script({
github,
context,
inputs: ${{ toJSON(inputs) }},
dependabotMetadata: {
updateType: '${{ steps.dependabot-metadata.outputs.update-type }}',
dependencyType:'${{ steps.dependabot-metadata.outputs.dependency-type }}',
dependencyNames: '${{ steps.dependabot-metadata.outputs.dependency-names }}',
}
})
branding:
icon: 'git-pull-request'
color: 'gray-dark'