dependabot-approve-merge.yml 1.4 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849
  1. # This workflow is provided via the organization template repository
  2. #
  3. # https://github.com/nextcloud/.github
  4. # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
  5. #
  6. # SPDX-FileCopyrightText: 2021-2024 Nextcloud GmbH and Nextcloud contributors
  7. # SPDX-License-Identifier: MIT
  8. name: Dependabot
  9. on:
  10. pull_request_target:
  11. branches:
  12. - main
  13. - master
  14. - stable*
  15. permissions:
  16. contents: read
  17. concurrency:
  18. group: dependabot-approve-merge-${{ github.head_ref || github.run_id }}
  19. cancel-in-progress: true
  20. jobs:
  21. auto-approve-merge:
  22. if: github.actor == 'dependabot[bot]' || github.actor == 'renovate[bot]'
  23. runs-on: ubuntu-latest-low
  24. permissions:
  25. # for hmarr/auto-approve-action to approve PRs
  26. pull-requests: write
  27. steps:
  28. - name: Disabled on forks
  29. if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
  30. run: |
  31. echo 'Can not approve PRs from forks'
  32. exit 1
  33. # GitHub actions bot approve
  34. - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2
  35. with:
  36. github-token: ${{ secrets.GITHUB_TOKEN }}
  37. # Nextcloud bot approve and merge request
  38. - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2
  39. with:
  40. target: minor
  41. github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }}