move actions.yml additions to maven.yml

2025-03-24 13:24:03 -07:00 · 2025-03-24 13:24:03 -07:00 · 3585a90c03
commit 3585a90c03
parent 5bc0454b67
2 changed files with 43 additions and 10 deletions
--- a/.github/workflows/actions.yml
+++ b/.github/workflows/actions.yml
@ -1,13 +1,27 @@
-name: Comment when opened
-on:
-  issues:
-    types:
-      - opened
+name: Dependabot auto-merge
+on: pull_request
+
+permissions:
+  pull-requests: write
+  contents: write
+
 jobs:
-  comment:
+  dependabot:
+    permissions:
+      pull-requests: read
    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo'
    steps:
-      - run: gh issue comment $ISSUE --body "Thank you for opening this issue!"
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          alert-lookup: true
+          github-token: "${{ secrets.PAT_TOKEN }}"
+      - name: Enable auto-merge for Dependabot PRs
+        # if: (steps.dependabot-metadata.outputs.cvss == true && update_types == 'minor' || 'patch')
+        if: update_types == 'minor' || 'patch'
+        run: gh pr merge --auto --merge "$PR_URL"
        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
-          ISSUE: ${{ github.event.issue.html_url }}
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@ -37,3 +37,22 @@ jobs:
          distribution: 'corretto'
      - name: Check backwards compatibility of changes
        run: .github/scripts/backwards_compatibility_check.sh
+  auto-merge-vulnerable-PRs:
+    permissions:
+      pull-requests: read
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo'
+    steps:
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          alert-lookup: true
+          github-token: "${{ secrets.PAT_TOKEN }}"
+      - name: Enable auto-merge for Dependabot PRs
+        # if: (steps.dependabot-metadata.outputs.cvss == true && update_types == 'minor' || 'patch')
+        if: update_types == 'minor' || 'patch'
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}