ci: improve logging, enable husky precommit hooks #1855
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# this workflow merges requests from Dependabot if tests are passing | |
# ref https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions | |
# and https://github.com/dependabot/fetch-metadata | |
name: Auto-merge | |
# `pull_request_target` means this uses code in the base branch, not the PR. | |
on: pull_request_target | |
# Dependabot PRs' tokens have read permissions by default and thus we must enable write permissions. | |
permissions: | |
contents: write | |
pull-requests: write | |
jobs: | |
dependencies: | |
runs-on: ubuntu-latest | |
if: github.actor == 'dependabot[bot]' | |
steps: | |
- name: Fetch PR metadata | |
id: metadata | |
uses: dependabot/[email protected] | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Wait for PR CI | |
# Don't merge updates to GitHub Actions versions automatically. | |
# (Some repos may wish to limit by version range (major/minor/patch), or scope (dep vs dev-dep), too.) | |
if: contains(steps.metadata.outputs.package-ecosystem, 'npm') | |
uses: lewagon/[email protected] | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
wait-interval: 30 # seconds | |
running-workflow-name: dependencies # wait for all checks except this one | |
allowed-conclusions: success # all other checks must pass, being skipped or cancelled is not sufficient | |
- name: Auto-merge Dependabot Security PRs | |
# Merge NPM security updates from Dependabot (ungrouped), but not version updates (grouped). | |
if: contains(steps.metadata.outputs.package-ecosystem, 'npm') && !contains(github.event.pull_request.title, 'chore(deps-dev)') && !contains(github.event.pull_request.title, 'chore(deps)') | |
env: | |
PR_URL: ${{ github.event.pull_request.html_url }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# The "auto" flag will only merge once all of the target branch's required checks | |
# are met. Configure those in the "branch protection" settings for each repo. | |
run: gh pr merge --auto --squash "$PR_URL" |