fix: prevent unauthorized message for non-command comments #38
Workflow file for this run
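# Approves Dependabot pull requests and enables auto-merge for patch and
# minor version bumps; major bumps only get a comment asking for manual review.
#
# Security notes:
# - pull_request_target runs in the context of the base repository, so
#   GITHUB_TOKEN carries the write permissions declared below even when the
#   PR head is untrusted. This workflow never checks out or executes PR code;
#   keep it that way.
# - `gh pr merge --auto` merges as soon as the base branch's requirements are
#   met. NOTE(review): confirm the base branch has required status checks, or
#   the merge will not wait for CI.
name: Dependabot Auto-Merge

on:
  pull_request_target:
    types: [opened, synchronize, reopened]

# Write scopes are needed to approve/comment (pull-requests) and merge (contents).
permissions:
  pull-requests: write
  contents: write

jobs:
  auto-merge:
    runs-on: ubuntu-latest
    # Only run for PRs that Dependabot both opened and triggered.
    # github.actor alone names whoever triggered the event, not the PR author,
    # so the author is checked as well before any privileged step runs.
    if: >-
      github.event.pull_request.user.login == 'dependabot[bot]' &&
      github.actor == 'dependabot[bot]'
    steps:
      - name: Fetch Dependabot metadata
        id: metadata
        # Supply chain: @v2 is a mutable tag. Consider pinning this action to
        # a full commit SHA, since it runs with a write-scoped token.
        uses: dependabot/fetch-metadata@v2
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Auto-approve PR
        # Approve only the updates that are eligible for auto-merge. Major
        # updates are left unapproved so the bot's review cannot stand in for
        # the manual review that the comment step below asks for.
        if: >-
          steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
          steps.metadata.outputs.update-type == 'version-update:semver-minor'
        env:
          # Event data is passed through env and quoted in the script rather
          # than interpolated into the shell command.
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh pr review "$PR_URL" --approve --body "Auto-approved by Dependabot auto-merge workflow"

      - name: Enable auto-merge for patch and minor updates
        # Only auto-merge patch and minor version bumps (not major)
        if: >-
          steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
          steps.metadata.outputs.update-type == 'version-update:semver-minor'
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh pr merge --auto --squash "$PR_URL"

      - name: Comment on major updates
        # For major updates, just comment (manual review required)
        if: steps.metadata.outputs.update-type == 'version-update:semver-major'
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh pr comment "$PR_URL" --body "⚠️ **Major version update detected** - requires manual review before merging."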