Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

75 auto validate and merge patch level dependabot updates #76

Merged
merged 5 commits into from
Jun 26, 2024
Merged

75 auto validate and merge patch level dependabot updates #76

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
0d0fbaa
Remove the devel idea from this, and use SHA for SBOM validation instead
PipeItToDevNull Jun 26, 2024
991981f
Add dependabot auto-merging that is dependent on the build succeeding…
PipeItToDevNull Jun 26, 2024
de12a48
small correction to brackets
PipeItToDevNull Jun 26, 2024
58f656b
remove extraneous pasted line
PipeItToDevNull Jun 26, 2024
80ff25f
change how needs is arranged
PipeItToDevNull Jun 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 4 additions & 10 deletions .github/workflows/build-push-amd64.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ on:
push:
branches:
- main
- devel
workflow_dispatch:
schedule:
- cron: "0 13 * * *"
Expand All @@ -17,10 +16,6 @@ env:
jobs:
docker:
runs-on: ubuntu-latest
strategy:
matrix:
branch:
- main
permissions:
contents: write
packages: write
Expand All @@ -29,8 +24,6 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ matrix.branch }}

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
Expand All @@ -53,7 +46,8 @@ jobs:
images: ${{ env.REGISTRY }}/${{ env.REPO }}/${{ env.IMAGE }}
flavor: latest=auto
tags: |
type=raw,value={{branch}}
type=sha,enable=true,priority=100,prefix=,suffix=,format=long
type=raw,value=devel,enable=${{ github.ref != format('refs/heads/{0}', 'main') }}
type=raw,value=latest,enable={{is_default_branch}}

- name: Build and push Docker image
Expand All @@ -76,8 +70,8 @@ jobs:
- name: Generate SBOM
uses: anchore/sbom-action@v0
with:
image: ${{ env.REGISTRY }}/${{ env.REPO }}/${{ env.IMAGE}}:${{ matrix.branch }}
artifact-name: ${{ env.IMAGE }}-${{ matrix.branch }}.spdx
image: ${{ env.REGISTRY }}/${{ env.REPO }}/${{ env.IMAGE}}:${{ github.sha }}
artifact-name: ${{ env.IMAGE }}-${{ github.sha }}.spdx
format: spdx-json
upload-artifact: true
upload-artifact-retention: 7
20 changes: 20 additions & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,3 +55,23 @@ jobs:
run: npm run build
- name: Test
run: npm run test

# This should depend on the backend and frontend builds, then if it is a PR submitted by Dependabot that is a patch it will merge the PR
close_pr:
needs:
- backend-build
- frontend-build
if: github.event_name == 'pull_request' && github.actor == 'dependabot[bot]'
runs-on: ubuntu-latest
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v2
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Merge PR
if: steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'
run: gh pr merge --auto --merge "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}