diff --git a/.github/workflows/dependabot_auto_approve_merge.yml b/.github/workflows/dependabot_auto_approve_merge.yml new file mode 100644 index 0000000..338192d --- /dev/null +++ b/.github/workflows/dependabot_auto_approve_merge.yml @@ -0,0 +1,46 @@ +# Approve Dependabot pull requests and enable auto-merge so GitHub merges them once +# required status checks pass. Enable "Allow auto-merge" under Settings → General → +# Pull Requests, and require status checks on the default branch. See: +# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions + +name: Dependabot auto-approve and merge + +on: + pull_request: + types: [opened, reopened, synchronize] + +permissions: + contents: write + issues: write + pull-requests: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: github.event.pull_request.user.login == 'dependabot[bot]' + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 # v3.0.0 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Approve pull request + run: | + set -euo pipefail + if [ "$(gh pr view "${PR_NUMBER}" --json reviewDecision -q .reviewDecision)" != "APPROVED" ]; then + gh pr review --approve "${PR_NUMBER}" + fi + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Enable auto-merge + run: | + set -euo pipefail + if [ "$(gh pr view "${PR_NUMBER}" --json autoMergeRequest -q '.autoMergeRequest != null')" != "true" ]; then + gh pr merge --auto --merge "${PR_NUMBER}" + fi + env: + PR_NUMBER: ${{ github.event.pull_request.number }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/proxy_integration_tests_javascript.yml b/.github/workflows/proxy_integration_tests_javascript.yml index de0089d..8220191 100644 --- a/.github/workflows/proxy_integration_tests_javascript.yml +++ b/.github/workflows/proxy_integration_tests_javascript.yml @@ -7,15 +7,29 @@ name: Proxy integration tests (JavaScript) on: pull_request: - paths: - - "javascript/**" - - ".github/workflows/proxy_integration_tests_javascript.yml" permissions: contents: read + pull-requests: read jobs: + changes: + runs-on: ubuntu-latest + outputs: + relevant: ${{ steps.filter.outputs.relevant }} + steps: + - name: Detect JavaScript changes + id: filter + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 + with: + filters: | + relevant: + - "javascript/**" + - ".github/workflows/proxy_integration_tests_javascript.yml" + integration: + needs: changes + if: needs.changes.outputs.relevant == 'true' runs-on: ubuntu-latest steps: diff --git a/.github/workflows/proxy_integration_tests_php.yml b/.github/workflows/proxy_integration_tests_php.yml index 1f41742..6678f04 100644 --- a/.github/workflows/proxy_integration_tests_php.yml +++ b/.github/workflows/proxy_integration_tests_php.yml @@ -7,15 +7,29 @@ name: Proxy integration tests (PHP) on: pull_request: - paths: - - "php/**" - - ".github/workflows/proxy_integration_tests_php.yml" permissions: contents: read + pull-requests: read jobs: + changes: + runs-on: ubuntu-latest + outputs: + relevant: ${{ steps.filter.outputs.relevant }} + steps: + - name: Detect PHP changes + id: filter + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 + with: + filters: | + relevant: + - "php/**" + - ".github/workflows/proxy_integration_tests_php.yml" + integration: + needs: changes + if: needs.changes.outputs.relevant == 'true' runs-on: ubuntu-latest steps: diff --git a/.github/workflows/proxy_integration_tests_python.yml b/.github/workflows/proxy_integration_tests_python.yml index f2c8c49..9edc18e 100644 --- a/.github/workflows/proxy_integration_tests_python.yml +++ b/.github/workflows/proxy_integration_tests_python.yml @@ -7,15 +7,29 @@ name: Proxy integration tests (Python) on: pull_request: - paths: - - "python/**" - - ".github/workflows/proxy_integration_tests_python.yml" permissions: contents: read + pull-requests: read jobs: + changes: + runs-on: ubuntu-latest + outputs: + relevant: ${{ steps.filter.outputs.relevant }} + steps: + - name: Detect Python changes + id: filter + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 + with: + filters: | + relevant: + - "python/**" + - ".github/workflows/proxy_integration_tests_python.yml" + integration: + needs: changes + if: needs.changes.outputs.relevant == 'true' runs-on: ubuntu-latest steps: diff --git a/.github/workflows/proxy_integration_tests_ruby.yml b/.github/workflows/proxy_integration_tests_ruby.yml index 648e3f9..fee1efa 100644 --- a/.github/workflows/proxy_integration_tests_ruby.yml +++ b/.github/workflows/proxy_integration_tests_ruby.yml @@ -7,15 +7,29 @@ name: Proxy integration tests (Ruby) on: pull_request: - paths: - - "ruby/**" - - ".github/workflows/proxy_integration_tests_ruby.yml" permissions: contents: read + pull-requests: read jobs: + changes: + runs-on: ubuntu-latest + outputs: + relevant: ${{ steps.filter.outputs.relevant }} + steps: + - name: Detect Ruby changes + id: filter + uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 + with: + filters: | + relevant: + - "ruby/**" + - ".github/workflows/proxy_integration_tests_ruby.yml" + integration: + needs: changes + if: needs.changes.outputs.relevant == 'true' runs-on: ubuntu-latest steps: