Skip to content

Commit fead267

Browse files
simonebsimoneb
authored
feat: approve only (#9)
1 parent 712c31c commit fead267

File tree

7 files changed

+75
-27
lines changed

7 files changed

+75
-27
lines changed

.github/dependabot.yml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
version: 2
2+
updates:
3+
- package-ecosystem: npm
4+
directory: '/'
5+
schedule:
6+
interval: daily
7+
- package-ecosystem: "github-actions"
8+
directory: "/"
9+
schedule:
10+
interval: "daily"

.github/workflows/ci.yml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
name: CI
2+
on: pull_request
3+
jobs:
4+
approve:
5+
runs-on: ubuntu-latest
6+
steps:
7+
- uses: fastify/github-action-merge-dependabot@v1.1.1
8+
with:
9+
github-token: ${{secrets.GITHUB_TOKEN}}
10+
approve-only: true

.prettierrc

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
{
2+
"singleQuote": true,
3+
"semi": false
4+
}

README.md

Lines changed: 19 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1,24 +1,28 @@
11
# Github Action Merge Dependabot
22

3-
This action automatically merges dependabot PRs.
3+
This action automatically approves and merges dependabot PRs.
44

55
## Inputs
66

77
### `github-token`
88

9-
**Required** A github token.
9+
**Required** A GitHub token.
1010

1111
### `exclude`
1212

13-
*Optional* An array of packages that you don't want to auto-merge and would like to manually review to decide whether to upgrade or not.
13+
_Optional_ An array of packages that you don't want to auto-merge and would like to manually review to decide whether to upgrade or not.
14+
15+
### `approve-only`
16+
17+
_Optional_ If `true`, the PR is only approved but not merged. Defaults to `false`.
1418

1519
### `merge-method`
1620

17-
*Optional* The merge method you would like to use (squash, merge, rebase). Default to `squash` merge.
21+
_Optional_ The merge method you would like to use (squash, merge, rebase). Default to `squash` merge.
1822

1923
### `merge-comment`
2024

21-
*Optional* An arbitrary message that you'd like to comment on the PR after it gets auto-merged. This is only useful when you're recieving too much of noise in email and would like to filter mails for PRs that got automatically merged.
25+
_Optional_ An arbitrary message that you'd like to comment on the PR after it gets auto-merged. This is only useful when you're recieving too much of noise in email and would like to filter mails for PRs that got automatically merged.
2226

2327
## Example usage
2428

@@ -29,8 +33,7 @@ on: [push, pull_request]
2933
jobs:
3034
build:
3135
runs-on: ubuntu-latest
32-
steps:
33-
...
36+
steps: # ...
3437

3538
automerge:
3639
needs: build
@@ -39,23 +42,22 @@ jobs:
3942
- uses: fastify/github-action-merge-dependabot@v1
4043
if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request' }}
4144
with:
42-
github-token: ${{secrets.github_token}}
45+
github-token: ${{secrets.GITHUB_TOKEN}}
4346
```
4447
4548
**Note**
4649
47-
- The `github_token` is automatically provided by Github Actions, which we access using `secrets.github_token` and supply to the action as an input `github-token`.
50+
- The GitHub token is automatically provided by Github Actions, which we access using `secrets.GITHUB_TOKEN` and supply to the action as an input `github-token`.
51+
- This action must be used in the context of a Pull Request. If the workflow can be triggered by other events (e.g. push), make sure to include `github.event_name == 'pull_request'` in the action conditions, as shown in the example.
4852
- Make sure to use `needs: <jobs>` to delay the auto-merging until CI checks (test/build) are passed.
4953

5054
## With `exclude`
5155

5256
```yml
53-
...
54-
steps:
55-
- uses: fastify/github-action-merge-dependabot@v1
56-
if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request' }}
57-
with:
58-
github-token: ${{secrets.github_token}}
59-
exclude: ['material-ui']
60-
...
57+
steps:
58+
- uses: fastify/github-action-merge-dependabot@v1
59+
if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request' }}
60+
with:
61+
github-token: ${{secrets.github_token}}
62+
exclude: ['react']
6163
```

action.yml

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,16 @@
11
name: "Github Action Merge Dependabot"
2-
description: "Automatically merge dependabot PRs"
2+
description: "Automatically approve and merge dependabot PRs"
33
inputs:
44
github-token:
5-
description: "A GitHub token."
5+
description: "A GitHub token"
66
required: true
77
exclude:
88
description: "Packages that you want to manually review before upgrading"
99
required: false
10+
approve-only:
11+
description: "If true, the PR is only approved but not merged"
12+
required: false
13+
default: false
1014
merge-method:
1115
description: "The merge method you would like to use (squash, merge, rebase)"
1216
required: false

src/index.js

Lines changed: 24 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -4,50 +4,67 @@ const github = require('@actions/github')
44
const { logInfo } = require('./log')
55
const { getInputs } = require('./util')
66

7-
const { GITHUB_TOKEN, MERGE_METHOD, EXCLUDE_PKGS, MERGE_COMMENT } = getInputs()
7+
const {
8+
GITHUB_TOKEN,
9+
MERGE_METHOD,
10+
EXCLUDE_PKGS,
11+
MERGE_COMMENT,
12+
APPROVE_ONLY,
13+
} = getInputs()
814

9-
async function run () {
15+
async function run() {
1016
try {
1117
const octokit = github.getOctokit(GITHUB_TOKEN)
1218

1319
const { repository, pull_request: pr } = github.context.payload
20+
21+
if (!pr) {
22+
throw new Error(
23+
'This action must be used in the context of a Pull Request'
24+
)
25+
}
26+
1427
const owner = repository.owner.login
1528
const repo = repository.name
1629
const prNumber = pr.number
1730

1831
const isDependabotPR = pr.user.login === 'dependabot[bot]'
1932

2033
if (!isDependabotPR) {
21-
return logInfo('Not dependabot PR, skip merging.')
34+
return logInfo('Not dependabot PR, skipping.')
2235
}
2336

2437
// dependabot branch names are in format "dependabot/npm_and_yarn/pkg-0.0.1"
2538
const pkgName = pr.head.ref.split('/').pop().split('-').shift()
2639

2740
if (EXCLUDE_PKGS.includes(pkgName)) {
28-
return logInfo(`${pkgName} is excluded, skip merging.`)
41+
return logInfo(`${pkgName} is excluded, skipping.`)
2942
}
3043

3144
await octokit.pulls.createReview({
3245
owner,
3346
repo,
3447
pull_number: prNumber,
35-
event: 'APPROVE'
48+
event: 'APPROVE',
3649
})
3750

51+
if (APPROVE_ONLY) {
52+
return logInfo('Approving only.')
53+
}
54+
3855
await octokit.pulls.merge({
3956
owner,
4057
repo,
4158
pull_number: prNumber,
42-
merge_method: MERGE_METHOD
59+
merge_method: MERGE_METHOD,
4360
})
4461

4562
if (MERGE_COMMENT) {
4663
await octokit.issues.createComment({
4764
owner,
4865
repo,
4966
issue_number: prNumber,
50-
body: MERGE_COMMENT
67+
body: MERGE_COMMENT,
5168
})
5269
}
5370
} catch (error) {

src/util.js

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,5 +23,6 @@ exports.getInputs = () => ({
2323
GITHUB_TOKEN: core.getInput('github-token', { required: true }),
2424
MERGE_METHOD: getMergeMethod(),
2525
EXCLUDE_PKGS: core.getInput('exclude') || [],
26-
MERGE_COMMENT: core.getInput('merge-comment') || ''
26+
MERGE_COMMENT: core.getInput('merge-comment') || '',
27+
APPROVE_ONLY: core.getInput('approve-only')
2728
})

0 commit comments

Comments
 (0)