Testing GitHub's built-in auto-merge feature for dependabot PRs

ylabonte · Mar 21, 2024 · 6cc72f4 · 6cc72f4
1 parent 1860973
commit 6cc72f4
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 25 deletions.
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
@@ -1,26 +1,22 @@
 name: "Auto-Merge Dependabot PRs"
 
-on: [ pull_request ]
+on:
+  pull_request:
+    branches:
+      - "master"
 
 permissions:
-  actions: read
-  security-events: write
   contents: write
   pull-requests: write
 
 jobs:
-  ci:
-    name: "Run CI Workflow"
-    uses: ./.github/workflows/ci.yml
   automerge:
     name: "Auto-merge PR (Dependabot only!)"
-    needs:
-      - ci
     runs-on: ubuntu-latest
     if: github.actor == 'dependabot[bot]'
     steps:
-      - name: "Auto-merge the PRs"
-        run: gh pr merge --auto --merge "$PR_URL"
+      - name: "Approve PR to enable auto-merge"
+        run: gh pr review --approve "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
           GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,6 +10,11 @@ on:
       - "master"
       - "develop"
       - "feature/*"
+  pull_request:
+    branches:
+      - "master"
+      - "develop"
+      - "feature/*"
   workflow_call:
 
 jobs:

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -16,7 +16,6 @@ on:
     branches: [ "master" ]
   schedule:
     - cron: '43 0 * * 2'
-  workflow_call:
 
 jobs:
   analyze:

diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -1,7 +1,6 @@
 # Contributor Covenant Code of Conduct
 
 ## Our Pledge
-
 In the interest of fostering an open and welcoming environment, we as
 contributors and maintainers pledge to making participation in our project and
 our community a harassment-free experience for everyone, regardless of age, body
@@ -10,7 +9,6 @@ level of experience, education, socio-economic status, nationality, personal
 appearance, race, religion, or sexual identity and orientation.
 
 ## Our Standards
-
 Examples of behavior that contributes to creating a positive environment
 include:
 
@@ -32,7 +30,6 @@ Examples of unacceptable behavior by participants include:
  professional setting
 
 ## Our Responsibilities
-
 Project maintainers are responsible for clarifying the standards of acceptable
 behavior and are expected to take appropriate and fair corrective action in
 response to any instances of unacceptable behavior.
@@ -44,7 +41,6 @@ permanently any contributor for other behaviors that they deem inappropriate,
 threatening, offensive, or harmful.
 
 ## Scope
-
 This Code of Conduct applies both within project spaces and in public spaces
 when an individual is representing the project or its community. Examples of
 representing a project or community include using an official project e-mail
@@ -53,7 +49,6 @@ representative at an online or offline event. Representation of a project may be
 further defined and clarified by project maintainers.
 
 ## Enforcement
-
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
 reported by contacting the project team at yannic.labonte@gmail.com. All
 complaints will be reviewed and investigated and will result in a response that
@@ -66,7 +61,6 @@ faith may face temporary or permanent repercussions as determined by other
 members of the project's leadership.
 
 ## Attribution
-
 This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
 available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -1,13 +1,10 @@
 # Security Policy
 
 ## Supported Versions
-
-Always use the most recent version. There will be no support for older
-versions.
+Always use the most recent version available as `stable` or `latest` in ioBroker.   
+There will be no support for outdated versions.
 
 ## Reporting a Vulnerability
-
-If you identify a vulnerability, please consider that this may affect other
-people/projects as well. This in mind please email me (Yannic Labonte
-<yannic.labonte@gmail.com>) first, so I can react and maybe fix the issue,
-before publishing it to the public (e.g. in a github issue).
+If you identify a vulnerability, please consider that this may affect other people/projects as well. This in mind please
+email me (Yannic Labonte <yannic.labonte@gmail.com>) first, so I can react and maybe fix the issue, before it is
+published to the public (e.g. in a github issue) and maybe misused by third parties.