From 3f60d85a9ee7cf9729fd3697eedd9010147f94e9 Mon Sep 17 00:00:00 2001
From: skyero-aws <skyero@amazon.com>
Date: Mon, 24 Mar 2025 13:40:25 -0700
Subject: [PATCH] Update maven.yml with code from the github

---
 .github/workflows/maven.yml | 45 ++++++-------------------------------
 1 file changed, 7 insertions(+), 38 deletions(-)

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index e2e8419c..a5ef7d26 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -6,52 +6,21 @@
 # separate terms of service, privacy policy, and support
 # documentation.
 
-name: Java CI with Maven
-on:
-  push:
-    branches:
-      - "master"
-  pull_request:
-    branches:
-      - "master"
+name: Dependabot auto-merge
+on: pull_request
+permissions:
+  pull-requests: write
+  contents: write
 jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up JDK 8
-        uses: actions/setup-java@v4
-        with:
-          java-version: '8'
-          distribution: 'corretto'
-      - name: Build with Maven
-        run: mvn -B package --file pom.xml -DskipITs
-  backwards-compatible-check:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up JDK 8
-        uses: actions/setup-java@v4
-        with:
-          java-version: '8'
-          distribution: 'corretto'
-      - name: Check backwards compatibility of changes
-        run: .github/scripts/backwards_compatibility_check.sh
-  auto-merge-vulnerable-PRs:
-    permissions:
-      pull-requests: read
+  dependabot:
     runs-on: ubuntu-latest
     if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo'
     steps:
       - name: Dependabot metadata
         id: dependabot-metadata
         uses: dependabot/fetch-metadata@v2
-        with:
-          alert-lookup: true
-          github-token: "${{ secrets.PAT_TOKEN }}"
       - name: Enable auto-merge for Dependabot PRs
-        # if: (steps.dependabot-metadata.outputs.cvss == true && update_types == 'minor' || 'patch')
-        if: steps.dependabot-metadata.outputs.cvss == true
+        if: ${{contains(steps.dependabot-metadata.outputs.dependency-names, 'rails') && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}}
         run: gh pr merge --auto --merge "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}