File tree Expand file tree Collapse file tree 1 file changed +25
-0
lines changed Expand file tree Collapse file tree 1 file changed +25
-0
lines changed Original file line number Diff line number Diff line change 1+ # The pull_request_target workflow trigger is dangerous. Do not add unrelated logic to this workflow.
2+ # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
3+ # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
4+ name : Auto-merge
5+ on : pull_request_target
6+ permissions :
7+ pull-requests : write # to approve the PR
8+ contents : write # to merge the PR
9+ jobs :
10+ dependabot :
11+ if : ${{ github.actor == 'dependabot[bot]' }}
12+ runs-on : ubuntu-latest
13+ steps :
14+ - id : dependabot-metadata
15+ uses : dependabot/fetch-metadata@v1
16+ with :
17+ github-token : ${{ secrets.GITHUB_TOKEN }}
18+ - if : ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
19+ env :
20+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
21+ run : gh pr review --approve ${{ github.event.pull_request.html_url }}
22+ - if : ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
23+ env :
24+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
25+ run : gh pr merge --auto --squash ${{ github.event.pull_request.html_url }}
You can’t perform that action at this time.
0 commit comments