Merge pull request #550 from mlibrary/dependabot-multi-ecosystem

erinesullivan · web-flow · commit 9e1b2ae1423c · 2025-10-02T12:15:36.000-04:00
Updating dependabot to multi-ecosystem. Adding ESLint workflow for PRs.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @erinesullivan
diff --git a/.github/PULL_REQUEST_TEMPLATE/dependency_updates_template.md b/.github/PULL_REQUEST_TEMPLATE/dependency_updates_template.md
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,41 +1,31 @@
 version: 2
+
+multi-ecosystem-groups:
+  maintenance:
+    schedule:
+      interval: "cron"
+      cronjob: "0 6 1-7 * 1" # Every first Monday of the month at 6:00am
+      timezone: "America/Detroit"
+    commit-message:
+      prefix: "Monthly dependency updates: "
+    assignees: ["erinesullivan"]
+
+
 updates:
   # For npm dependencies
   - package-ecosystem: "npm"
     directory: "/"
-    schedule:
-      interval: "monthly"
-      time: "06:00"
-      day: "monday"
-      timezone: "America/Detroit"
-    commit-message:
-      prefix: "Monthly npm updates: "
-    open-pull-requests-limit: 5
-    reviewers:
-      - "erinesullivan"
-    labels:
-      - "dependencies"
-    groups:
-      group-all-npm-updates:
-        patterns:
-          - "*"
+    multi-ecosystem-group: "maintenance"
+    patterns: ["*"]
 
   # For GitHub Actions updates
   - package-ecosystem: "github-actions"
     directory: "/"
-    schedule:
-      interval: "monthly"
-      time: "06:00"
-      day: "monday"
-      timezone: "America/Detroit"
-    commit-message:
-      prefix: "Monthly action updates: "
-    open-pull-requests-limit: 5
-    reviewers:
-      - "erinesullivan"
-    labels:
-      - "dependencies"
-    groups:
-      group-all-github-actions-updates:
-        patterns:
-          - "*"
+    multi-ecosystem-group: "maintenance"
+    patterns: ["*"]
+
+  # For Docker updates
+  - package-ecosystem: "docker"
+    directory: "/"
+    multi-ecosystem-group: "maintenance"
+    patterns: ["*"]
diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
@@ -1,38 +1,23 @@
-name: Update dependabot pull request title
+name: Dependabot pull requests
 
 on:
   pull_request:
-    types: [opened]
 
 jobs:
-  update-title:
+  dependabot:
+    name: Auto-merge Dependabot PRs
     runs-on: ubuntu-latest
+    if: ${{github.event.pull_request.user.login == 'dependabot[bot]'}}
     permissions:
       pull-requests: write
+      contents: write
+    env:
+      GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      PR_URL: ${{github.event.pull_request.html_url}}
     steps:
-    - uses: actions/checkout@v5
-    - name: Check conditions
-      id: check_conditions
-      run: |
-        if [[ "${{ github.event.pull_request.user.login }}" != "dependabot[bot]" ]]; then
-          echo "Author does not match."
-          exit 0
-        fi
-        labels=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-          https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels | jq -r '.[].name')
-        if [[ $labels != *"dependencies"* ]]; then
-          echo "Label does not match."
-          exit 0
-        fi
-        echo "conditions_met=true" >> $GITHUB_ENV
-    - name: Update PR title
-      if: env.conditions_met == 'true'
-      run: |
-        NEW_TITLE="$(date +'%B %Y') dependency updates."
-        curl -X PATCH \
-          -H "Accept: application/vnd.github+json" \
-          -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-          https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }} \
-          -d "{\"title\":\"${NEW_TITLE}\"}"
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Fetch Dependabot Metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Merge the PR
+        run: gh pr merge --squash --auto "$PR_URL"
diff --git a/.github/workflows/dockerhub-unstable.yaml b/.github/workflows/dockerhub-unstable.yaml
@@ -5,6 +5,7 @@ on: [push, pull_request]
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: ${{github.actor != 'dependabot[bot]'}}
     steps:
     - name: Login to DockerHub
       uses: docker/login-action@v3
@@ -21,5 +22,3 @@ jobs:
     - name: Image digest
       run: |
         echo '${{ steps.docker_build.outputs.digest }}'
-
-
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -0,0 +1,22 @@
+name: Lint
+
+on:
+  pull_request:
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+      - name: Install latest LTS version of Node.js
+        uses: actions/setup-node@v5
+        with:
+          node-version: lts/*
+          check-latest: true
+      - name: Clean install
+        run: npm ci
+      - name: Run ESLint
+        run: npm run lint
