mirror of
https://github.com/zhom/donutbrowser.git
synced 2026-07-16 01:17:23 +02:00
82 lines
2.5 KiB
YAML
82 lines
2.5 KiB
YAML
name: Dependabot Automerge
|
|
|
|
on:
|
|
pull_request_target:
|
|
types: [opened, synchronize, reopened]
|
|
|
|
permissions:
|
|
pull-requests: write
|
|
contents: write
|
|
checks: read
|
|
|
|
jobs:
|
|
security-scan:
|
|
name: Security Vulnerability Scan
|
|
if: github.repository == 'zhom/donutbrowser' && github.actor == 'dependabot[bot]'
|
|
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@c5996e0193a3df57d695c1b8a1dec2a4c62e8730" # v2.3.3
|
|
with:
|
|
scan-args: |-
|
|
-r
|
|
--skip-git
|
|
--lockfile=pnpm-lock.yaml
|
|
--lockfile=src-tauri/Cargo.lock
|
|
./
|
|
permissions:
|
|
security-events: write
|
|
contents: read
|
|
actions: read
|
|
|
|
lint-js:
|
|
name: Lint JavaScript/TypeScript
|
|
if: github.repository == 'zhom/donutbrowser' && github.actor == 'dependabot[bot]'
|
|
uses: ./.github/workflows/lint-js.yml
|
|
secrets: inherit
|
|
permissions:
|
|
contents: read
|
|
|
|
lint-rust:
|
|
name: Lint Rust
|
|
if: github.repository == 'zhom/donutbrowser' && github.actor == 'dependabot[bot]'
|
|
uses: ./.github/workflows/lint-rs.yml
|
|
secrets: inherit
|
|
permissions:
|
|
contents: read
|
|
|
|
codeql:
|
|
name: CodeQL
|
|
if: github.repository == 'zhom/donutbrowser' && github.actor == 'dependabot[bot]'
|
|
uses: ./.github/workflows/codeql.yml
|
|
secrets: inherit
|
|
permissions:
|
|
security-events: write
|
|
contents: read
|
|
packages: read
|
|
actions: read
|
|
|
|
spellcheck:
|
|
name: Spell Check
|
|
if: github.repository == 'zhom/donutbrowser' && github.actor == 'dependabot[bot]'
|
|
uses: ./.github/workflows/spellcheck.yml
|
|
secrets: inherit
|
|
permissions:
|
|
contents: read
|
|
|
|
dependabot-automerge:
|
|
name: Dependabot Automerge
|
|
if: github.repository == 'zhom/donutbrowser' && github.actor == 'dependabot[bot]'
|
|
needs: [security-scan, lint-js, lint-rust, codeql, spellcheck]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Dependabot metadata
|
|
id: metadata
|
|
uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a #v2.5.0
|
|
with:
|
|
github-token: "${{ secrets.GITHUB_TOKEN }}"
|
|
- name: Enable auto-merge for minor and patch updates
|
|
if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch' }}
|
|
run: gh pr merge --auto --squash "$PR_URL"
|
|
env:
|
|
PR_URL: ${{ github.event.pull_request.html_url }}
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
timeout-minutes: 10
|