PI-2401 Enable auto-merge for minor Dependabot PRs

ministryofjustice · Aug 5, 2024 · caac3de · caac3de
1 parent 01b3d52
commit caac3de
Show file tree

Hide file tree

Showing 4 changed files with 111 additions and 1 deletion.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1 +1,3 @@
 * @ministryofjustice/probation-integration
+settings.gradle.kts
+.github/actions
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -3,7 +3,19 @@ updates:
   - package-ecosystem: "gradle"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+    groups:
+      minor:
+        update-types:
+          - "minor"
+          - "patch"
+        patterns:
+          - "*"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
     groups:
       minor:
         update-types:

diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
@@ -0,0 +1,37 @@
+# Automated management of Dependabot PRs
+name: Dependabot
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ github.token }}
+
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }}
+
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+
+      - name: Auto-approve minor or patch versions
+        run: gh pr review --approve "$PR_URL"
+        if: steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
@@ -0,0 +1,59 @@
+name: Gradle
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "30 5 * * MON-FRI" # Every weekday at 05:30 UTC
+  push:
+    paths:
+      - gradlew
+      - gradlew.bat
+      - gradle/**
+      - .github/workflows/gradle.yml
+
+jobs:
+  validate-wrapper:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: gradle/actions/wrapper-validation@v3
+
+  update-wrapper:
+    runs-on: ubuntu-latest
+    if: github.ref_name == 'main'
+    steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }}
+
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          ref: main
+          token: ${{ steps.app-token.outputs.token }}
+
+      - uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+
+      - uses: gradle-update/update-gradle-wrapper-action@0407394b9d173dfc9cf5695f9f560fef6d61a5fe # v1
+        with:
+          labels: dependencies
+          repo-token: ${{ steps.app-token.outputs.token }}
+
+      - name: Reset commit author # workaround for https://github.com/gradle-update/update-gradle-wrapper-action/issues/124
+        continue-on-error: true
+        run: |
+          if [ "$(git branch --show-current)" != main ]; then
+            git reset --soft "HEAD~$(find . -type f -name gradlew | wc -l)"
+          fi
+
+      - name: Commit and push
+        uses: dsanders11/github-app-commit-action@48d2ff8c1a855eb15d16afa97ae12616456d7cbc # v1.4.0
+        with:
+          fail-on-no-changes: false
+          force: true
+          message: Bump Gradle Wrapper to the latest version
+          token: ${{ steps.app-token.outputs.token }}