added dependabot checker, fixed cvss check logic
This commit is contained in:
skye rogers
parent
aafc36deaf
commit
6b541e4ebc
1 changed files with 2 additions and 3 deletions
5
.github/workflows/maven.yml
vendored
5
.github/workflows/maven.yml
vendored
|
|
@ -16,7 +16,7 @@ permissions:
|
||||||
jobs:
|
jobs:
|
||||||
dependabot:
|
dependabot:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
# if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'owner/my_repo'
|
if: github.event.pull_request.user.login == 'dependabot[bot]'
|
||||||
steps:
|
steps:
|
||||||
- name: Dependabot metadata
|
- name: Dependabot metadata
|
||||||
id: metadata
|
id: metadata
|
||||||
|
|
@ -25,8 +25,7 @@ jobs:
|
||||||
alert-lookup: true
|
alert-lookup: true
|
||||||
github-token: "${{ secrets.GITHUB_TOKEN }}"
|
github-token: "${{ secrets.GITHUB_TOKEN }}"
|
||||||
- name: Enable auto-merge for Dependabot PRs
|
- name: Enable auto-merge for Dependabot PRs
|
||||||
# if: steps.metadata.outputs.update-type != 'version-update:semver-major' && cvss level > 0
|
if: steps.metadata.outputs.update-type != 'version-update:semver-major' && steps.dependabot-metadata.outputs.cvss > 0
|
||||||
if: steps.metadata.outputs.update-type != 'version-update:semver-major' && steps.dependabot-metadata.outputs.cvss < 0.1
|
|
||||||
run: gh pr merge --auto --merge "$PR_URL"
|
run: gh pr merge --auto --merge "$PR_URL"
|
||||||
env:
|
env:
|
||||||
PR_URL: ${{github.event.pull_request.html_url}}
|
PR_URL: ${{github.event.pull_request.html_url}}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue