ci: add automerge workflow and simplify settings and update actions

crafthippie · Jul 23, 2024 · 5e169f9 · 5e169f9
1 parent c7399c7
commit 5e169f9
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 44 deletions.
diff --git a/.github/settings.yml b/.github/settings.yml
@@ -22,56 +22,18 @@ repository:
   enable_automated_security_fixes: true
   enable_vulnerability_alerts: true
 
-labels:
-  - name: bug
-    color: d73a4a
-    description: Something isn't working
-  - name: duplicate
-    color: cfd3d7
-    description: This issue or pull request already exists
-  - name: enhancement
-    color: a2eeef
-    description: New feature or request
-  - name: good first issue
-    color: 7057ff
-    description: Good for newcomers
-  - name: help wanted
-    color: 008672
-    description: Extra attention is needed
-  - name: invalid
-    color: e4e669
-    description: This doesn't seem right
-  - name: question
-    color: d876e3
-    description: Further information is requested
-  - name: renovate
-    color: e99695
-    description: Automated action from Renovate
-  - name: wontfix
-    color: ffffff
-    description: This will not be worked on
-  - name: outdated
-    color: cccccc
-    description: This is out of scope and outdated
-
-teams:
-  - name: admins
-    permission: admin
-  - name: bots
-    permission: admin
-  - name: members
-    permission: maintain
-
 branches:
   - name: master
     protection:
       required_pull_request_reviews: null
       required_status_checks:
         strict: true
-        contexts: []
+        contexts:
+          - docker
       enforce_admins: false
       restrictions:
         apps:
+          - crafthippie
           - renovate
         users: []
         teams:

diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
@@ -0,0 +1,49 @@
+---
+name: automerge
+
+"on":
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - master
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+
+    steps:
+      - name: Generate token
+        id: token
+        uses: tibdex/github-app-token@v2
+        with:
+          app_id: ${{ secrets.TOKEN_EXCHANGE_APP }}
+          installation_retrieval_mode: id
+          installation_retrieval_payload: ${{ secrets.TOKEN_EXCHANGE_INSTALL }}
+          private_key: ${{ secrets.TOKEN_EXCHANGE_KEY }}
+          permissions: >-
+            {"contents": "write", "pull_requests": "write", "issues": "write"}
+
+      - name: Fetch metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Approve request
+        id: approve
+        run: gh pr review --approve "${{github.event.pull_request.html_url}}"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Enable automerge
+        id: automerge
+        run: gh pr merge --rebase --auto "${{github.event.pull_request.html_url}}"
+        env:
+          GH_TOKEN: ${{ steps.token.outputs.token }}
+
+...
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -97,7 +97,7 @@ jobs:
 
       - name: Build image
         id: publish
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           builder: ${{ steps.buildx.outputs.name }}
           context: .

diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml
@@ -18,7 +18,7 @@ jobs:
 
       - name: Setup hugo
         id: hugo
-        uses: peaceiris/actions-hugo@v2
+        uses: peaceiris/actions-hugo@v3
         with:
           hugo-version: latest
           extended: true
@@ -29,7 +29,7 @@ jobs:
 
       - name: Deploy pages
         id: deploy
-        uses: peaceiris/actions-gh-pages@v3
+        uses: peaceiris/actions-gh-pages@v4
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           publish_dir: docs/public/