added dependabot checker, fixed cvss check logic

2025-03-27 09:56:52 -07:00 · 2025-03-27 09:56:52 -07:00 · 6b541e4ebc
commit 6b541e4ebc
parent aafc36deaf
1 changed files with 2 additions and 3 deletions
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@ -16,7 +16,7 @@ permissions:
 jobs:
  dependabot:
    runs-on: ubuntu-latest
-    # if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo'
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
    steps:
      - name: Dependabot metadata
        id: metadata
@ -25,8 +25,7 @@ jobs:
          alert-lookup: true
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      - name: Enable auto-merge for Dependabot PRs
-        # if: steps.metadata.outputs.update-type != 'version-update:semver-major' && cvss level > 0
-        if: steps.metadata.outputs.update-type != 'version-update:semver-major' && steps.dependabot-metadata.outputs.cvss < 0.1
+        if: steps.metadata.outputs.update-type != 'version-update:semver-major' && steps.dependabot-metadata.outputs.cvss > 0
        run: gh pr merge --auto --merge "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}