luciano/amazon-kinesis-client
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

move actions.yml additions to maven.yml

Browse source
This commit is contained in:
skye rogers 2025-03-24 13:24:03 -07:00
parent 5bc0454b67
commit 3585a90c03
2 changed files with 43 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
.github/workflows/actions.yml vendored
View file

@ -1,13 +1,27 @@
name: Comment when opened name: Dependabot auto-merge
on: on: pull_request
issues:
types: permissions:
- opened pull-requests: write
contents: write
jobs: jobs:
comment: dependabot:
permissions:
pull-requests: read
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo'
steps: steps:
- run: gh issue comment $ISSUE --body "Thank you for opening this issue!" - name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v2
with:
alert-lookup: true
github-token: "${{ secrets.PAT_TOKEN }}"
- name: Enable auto-merge for Dependabot PRs
# if: (steps.dependabot-metadata.outputs.cvss == true && update_types == 'minor' || 'patch')
if: update_types == 'minor' || 'patch'
run: gh pr merge --auto --merge "$PR_URL"
env: env:
PR_URL: ${{github.event.pull_request.html_url}}
GH_TOKEN: ${{secrets.GITHUB_TOKEN}} GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
ISSUE: ${{ github.event.issue.html_url }}

19
.github/workflows/maven.yml vendored
View file

@ -37,3 +37,22 @@ jobs:
distribution: 'corretto' distribution: 'corretto'
- name: Check backwards compatibility of changes - name: Check backwards compatibility of changes
run: .github/scripts/backwards_compatibility_check.sh run: .github/scripts/backwards_compatibility_check.sh
auto-merge-vulnerable-PRs:
permissions:
pull-requests: read
runs-on: ubuntu-latest
if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo'
steps:
- name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v2
with:
alert-lookup: true
github-token: "${{ secrets.PAT_TOKEN }}"
- name: Enable auto-merge for Dependabot PRs
# if: (steps.dependabot-metadata.outputs.cvss == true && update_types == 'minor' || 'patch')
if: update_types == 'minor' || 'patch'
run: gh pr merge --auto --merge "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}