Bump actions/github-script from 6 to 7 #37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# See <https://handsonappsec.medium.com/automerge-github-dependabot-alerts-with-github-actions-7cd6f5763750>. | |
# Modified to only approve and let Dependabot do the merge if CI goes through, and updated to work in May 2021. | |
name: 'Auto-Approve Dependabot' | |
# Note: I REALLY don't recommend doing this if you have ANY broader authentication tokens available to (any) Actions. | |
# Tokens that can only interact with your public repositories should be mostly fine, if you keep an eye on code changes and don't have automatic deployment set up. | |
permissions: {} # None, using a custom token. | |
on: | |
# See <https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/>. | |
pull_request_target: | |
types: [review_requested, reopened] | |
jobs: | |
approve-dependabot: | |
runs-on: ubuntu-latest | |
if: github.actor == 'dependabot[bot]' | |
steps: | |
- name: auto-approve | |
uses: actions/github-script@v7 | |
with: | |
# The default token is enough to comment, but Dependabot will only comply if you impersonate a user with write access. | |
github-token: ${{secrets.AUTO_APPROVE_DEPENDABOT_TOKEN}} | |
script: | | |
// See <https://octokit.github.io/rest.js/v18#pulls>, | |
// <https://github.com/marketplace/actions/github-script#welcome-a-first-time-contributor>. | |
const reviews = await github.rest.pulls.listReviews({ | |
owner: context.payload.repository.owner.login, | |
repo: context.payload.repository.name, | |
pull_number: context.payload.pull_request.number, | |
}); | |
for (review of reviews.data) { | |
console.log(`A review exists. Exiting.`); | |
return; | |
} | |
await github.rest.pulls.createReview({ | |
owner: context.payload.repository.owner.login, | |
repo: context.payload.repository.name, | |
pull_number: context.payload.pull_request.number, | |
event: 'APPROVE', | |
body: '[Auto-Approve Dependabot]\n@dependabot merge', | |
}); |