Modernize and consolidate GitHub workflows #936
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: auto-merge | |
| "on": | |
| pull_request: | |
| types: [opened, synchronize, reopened, labeled, unlabeled] | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| # Cancel in-progress runs for the same PR (only latest should merge) | |
| concurrency: | |
| group: auto-merge-${{ github.event.pull_request.number }} | |
| cancel-in-progress: true | |
| jobs: | |
| auto-merge: | |
| runs-on: ubuntu-latest | |
| # Run for dependabot, pre-commit-ci, or PRs with auto-merge label | |
| if: >- | |
| github.event.pull_request.user.login == 'dependabot[bot]' || | |
| github.event.pull_request.user.login == 'pre-commit-ci[bot]' || | |
| contains(github.event.pull_request.labels.*.name, 'auto-merge') | |
| steps: | |
| # Fetch Dependabot metadata (only runs for dependabot PRs) | |
| - name: Fetch Dependabot metadata | |
| id: metadata | |
| if: github.event.pull_request.user.login == 'dependabot[bot]' | |
| uses: dependabot/fetch-metadata@v2 | |
| with: | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| # Determine if PR is eligible for auto-merge | |
| - name: Check eligibility | |
| id: eligible | |
| run: | | |
| if [[ "$ACTOR" == "dependabot[bot]" ]]; then | |
| # Dependabot: only auto-merge patch and minor updates | |
| if [[ "$UPDATE_TYPE" == "version-update:semver-patch" ]] || | |
| [[ "$UPDATE_TYPE" == "version-update:semver-minor" ]]; then | |
| echo "result=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "result=false" >> "$GITHUB_OUTPUT" | |
| echo "Skipping: Dependabot major update requires manual review" | |
| fi | |
| else | |
| # pre-commit-ci and auto-merge labeled PRs are always eligible | |
| echo "result=true" >> "$GITHUB_OUTPUT" | |
| fi | |
| env: | |
| ACTOR: ${{ github.event.pull_request.user.login }} | |
| UPDATE_TYPE: ${{ steps.metadata.outputs.update-type }} | |
| # Wait for required CI checks (--required avoids deadlock with this workflow) | |
| - name: Wait for CI checks | |
| if: steps.eligible.outputs.result == 'true' | |
| timeout-minutes: 30 | |
| run: gh pr checks "$PR_URL" --watch --fail-fast --required | |
| env: | |
| PR_URL: ${{ github.event.pull_request.html_url }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Merge after CI passes | |
| - name: Merge PR | |
| if: steps.eligible.outputs.result == 'true' | |
| run: gh pr merge --squash "$PR_URL" | |
| env: | |
| PR_URL: ${{ github.event.pull_request.html_url }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |