Auto-approve and auto-merge dependabot PRs #45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Auto-approve and auto-merge dependabot PRs | |
| on: | |
| schedule: | |
| - cron: '0 21 * * 1-3' # Runs at 9 PM UTC (GMT) every Monday, Tuesday, and Wednesday (so as not to use CI capacity during the working day) | |
| permissions: | |
| pull-requests: write | |
| jobs: | |
| approve: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Generate GitHub App Token | |
| uses: actions/create-github-app-token@v1 | |
| id: generate-token | |
| with: | |
| app-id: ${{ secrets.GH_APP_ID }} | |
| private-key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
| - name: Fetch all PRs | |
| # Auto approve PRs that are over 20 days old, for security | |
| run: | | |
| gh search prs org:openactive --state=open --author "app/dependabot" --json url,createdAt --label "dependencies" --state open --review required --limit 100 --jq '.[] | select((.createdAt | fromdateiso8601) < (now - (20*24*60*60))) | .url' | tee prs.txt | |
| env: | |
| GH_TOKEN: ${{ steps.generate-token.outputs.token }} | |
| - name: Approve and enable auto-merge for PRs | |
| run: | | |
| while IFS= read -r pr | |
| do | |
| echo "Approving and enabling auto-merge for PR $pr ..." | |
| gh pr review --approve "$pr" | |
| gh pr merge "$pr" --auto --body "" --squash | |
| done < prs.txt | |
| env: | |
| GH_TOKEN: ${{ steps.generate-token.outputs.token }} |