Replace Dependabot automation with reusable syseng action (#534)

grahamalama · web-flow · commit 63e2dde10a1b · 2023-05-24T11:17:30.000-04:00
diff --git a/.github/workflows/dependabot-automerge.yaml b/.github/workflows/dependabot-automerge.yaml
@@ -11,33 +11,5 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.actor == 'dependabot[bot]' }}
     steps:
-      - name: Dependabot metadata
-        id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Enable auto-merge for Dependabot PRs
-        run: gh pr merge --auto --squash "$PR_URL"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-      - name: Approve patch updates
-        if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}}
-        run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a patch update**"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-      - name: Approve major and minor updates of development dependencies
-        if: ${{(steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major'|| steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor') && steps.dependabot-metadata.outputs.dependency-type == 'direct:development'}}
-        run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a major or minor update of a dependency used only in development**"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-      - name: Comment on major and minor updates of non-development dependencies
-        if: ${{(steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major'|| steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor') && steps.dependabot-metadata.outputs.dependency-type == 'direct:production'}}
-        run: |
-          gh pr comment $PR_URL --body "I'm **not approving** this PR because **it includes a major or minor update of a dependency used in production**"
-          gh pr edit $PR_URL --add-label "requires-manual-qa"
-        env:
-          PR_URL: ${{github.event.pull_request.html_url}}
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Enable Dependabot automation
+        uses: mozilla/syseng-pod/actions/dependabot-automerge@main
