From 1ef2195c5247d3f207e30fff2d33f39e1075eec6 Mon Sep 17 00:00:00 2001
From: Vaibhav Bhagwat Pendhare
Date: Fri, 15 Dec 2023 23:27:23 +0530
Subject: [PATCH] Feat: Add auto-approve and merge shared workflow. (#107)
Co-authored-by: Anmol Nagpal
---
.github/workflows/auto_merge.yml | 69 ++++++++++++++++++++++++++++++++
1 file changed, 69 insertions(+)
create mode 100644 .github/workflows/auto_merge.yml
diff --git a/.github/workflows/auto_merge.yml b/.github/workflows/auto_merge.yml
new file mode 100644
index 00000000..4f5471fe
--- /dev/null
+++ b/.github/workflows/auto_merge.yml
@@ -0,0 +1,69 @@
+---
+name: Automerge
+
+on:
+ workflow_call:
+ inputs:
+ tfcheck:
+ description: 'Enter the tfcheck action name.'
+ required: false
+ type: string
+ secrets:
+ GITHUB:
+ description: 'GitHub Token'
+ required: false
+
+jobs:
+ static-checks:
+ name: Check the status of static checks
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ tf-checks: ["tf-lint / tflint", "tfsec / tfsec sarif report", "${{ inputs.tfcheck }}"]
+ if: github.actor == 'dependabot[bot]'
+ steps:
+ - name: Wait for "${{ matrix.tf-checks }}" to succeed
+ uses: lewagon/wait-on-check-action@v1.3.1
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+ check-name: ${{ matrix.tf-checks }}
+ repo-token: ${{ secrets.GITHUB }}
+ wait-interval: 30
+
+ autoapprove:
+ permissions:
+ contents: write
+ pull-requests: write
+ name: Auto Approve a PR by dependabot
+ needs: static-checks
+ runs-on: ubuntu-latest
+ if: github.actor == 'dependabot[bot]'
+ steps:
+ - name: Approve a PR for Github Bot
+ run: gh pr review --approve "$PR_URL"
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+ - name: Approve a PR for Anmol nagpal
+ run: gh pr review --approve "$PR_URL"
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GITHUB_TOKEN: ${{secrets.GITHUB}}
+
+ automerge:
+ runs-on: ubuntu-latest
+ needs: autoapprove
+ steps:
+ - id: automerge
+ name: automerge
+ uses: pascalgn/automerge-action@v0.15.6
+ if: github.event_name == 'pull_request' && github.event.pull_request.draft == false
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB }}
+ MERGE_FILTER_AUTHOR: 'dependabot[bot]'
+ MERGE_METHOD: "merge"
+ MERGE_DELETE_BRANCH: "true"
+ MERGE_LABELS: "dependencies"
+ MERGE_REQUIRED_APPROVALS: ""
+...
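Review bot: Both `if: github.actor == 'dependabot[bot]'` gates (jobs `static-checks` and `autoapprove`) test who triggered the run rather than who opened the pull request, yet they are the only barrier before two automatic approvals and a merge; `if: github.event.pull_request.user.login == 'dependabot[bot]'` checks the PR author and should replace them in both places. The `automerge` job has no gate of its own and relies on `needs: autoapprove` plus `MERGE_FILTER_AUTHOR`, which is worth a comment such as `# skipped unless autoapprove ran; author is re-checked by MERGE_FILTER_AUTHOR`. `lewagon/wait-on-check-action@v1.3.1` and `pascalgn/automerge-action@v0.15.6` both receive `secrets.GITHUB`, which appears to be a personal token since it is used to approve as a named person, but they are referenced by mutable tag; pin each to a full commit SHA, e.g. `uses: pascalgn/automerge-action@<full-commit-sha> # v0.15.6`. Separately, the matrix entry `"${{ inputs.tfcheck }}"` becomes an empty check name whenever the optional input is omitted, so a caller that does not pass it would presumably wait on a check that does not exist.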