hugo-bearblog/.github/workflows/auto-merge.yml

# see https://gist.github.com/xt0rted/46475099dc0a70ba63e16e3177407872

name: Dependabot auto-merge

on:
  pull_request:
    branches:
      - master

permissions:
  contents: read
  pull-requests: read

jobs:
  auto-merge:
    runs-on: ubuntu-latest

    if: github.actor == 'dependabot[bot]'

    steps:
      - name: Create token
        id: create_token
        uses: tibdex/github-app-token@v2
        with:
          app_id: ${{ secrets.BIG_MERGER_APP_ID }}
          private_key: ${{ secrets.BIG_MERGER_PRIVATE_KEY }}

      - name: Dependabot metadata
        id: dependabot-metadata
        uses: dependabot/fetch-metadata@v2
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"

      - name: Authenticate cli
        run: echo "${{ steps.create_token.outputs.token }}" | gh auth login --with-token

      - name: Enable auto-merge for Dependabot PRs
        if: contains(fromJSON('["version-update:semver-patch", "version-update:semver-minor"]'), steps.dependabot-metadata.outputs.update-type)
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
Auto-merge minor updates 🎸 2024-02-20 10:07:38 -05:00			`# see https://gist.github.com/xt0rted/46475099dc0a70ba63e16e3177407872`

Move auto-merge to separate workflow 2024-01-23 05:46:13 -05:00			`name: Dependabot auto-merge`

			`on:`
			`pull_request:`
			`branches:`
Auto-merge minor updates 🎸 2024-02-20 10:07:38 -05:00			`- master`
Move auto-merge to separate workflow 2024-01-23 05:46:13 -05:00
			`permissions:`
Auto-merge minor updates 🎸 2024-02-20 10:07:38 -05:00			`contents: read`
			`pull-requests: read`
Move auto-merge to separate workflow 2024-01-23 05:46:13 -05:00
			`jobs:`
			`auto-merge:`
			`runs-on: ubuntu-latest`
Auto-merge minor updates 🎸 2024-02-20 10:07:38 -05:00
Move auto-merge to separate workflow 2024-01-23 05:46:13 -05:00			`if: github.actor == 'dependabot[bot]'`
Auto-merge minor updates 🎸 2024-02-20 10:07:38 -05:00
Move auto-merge to separate workflow 2024-01-23 05:46:13 -05:00			`steps:`
Auto-merge minor updates 🎸 2024-02-20 10:07:38 -05:00			`- name: Create token`
			`id: create_token`
			`uses: tibdex/github-app-token@v2`
			`with:`
			`app_id: ${{ secrets.BIG_MERGER_APP_ID }}`
			`private_key: ${{ secrets.BIG_MERGER_PRIVATE_KEY }}`

Move auto-merge to separate workflow 2024-01-23 05:46:13 -05:00			`- name: Dependabot metadata`
			`id: dependabot-metadata`
chore(deps): bump dependabot/fetch-metadata from 1 to 2 (#87) Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1 to 2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dependabot/fetch-metadata/releases">dependabot/fetch-metadata's releases</a>.</em></p> <blockquote> <h2>v2.0.0 - Switch to <code>node20</code></h2> <h2>What's Changed</h2> <ul> <li>Upgrade from node16 to node20 by <a href="https://github.com/Nishnha"><code>@Nishnha</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/443">dependabot/fetch-metadata#443</a> 👈 this is a potentially breaking change for some workflows</li> <li><code>v2</code> is the new tracking tag by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/506">dependabot/fetch-metadata#506</a></li> <li>v2.0.0 by <a href="https://github.com/fetch-metadata-action-automation"><code>@fetch-metadata-action-automation</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/508">dependabot/fetch-metadata#508</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dependabot/fetch-metadata/compare/v1.7.0...v2.0.0">https://github.com/dependabot/fetch-metadata/compare/v1.7.0...v2.0.0</a></p> <h2>v1.7.0</h2> <h2>What's Changed</h2> <ul> <li>Bump dotenv from 16.0.3 to 16.3.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/404">dependabot/fetch-metadata#404</a></li> <li>Bump <code>@types/node</code> from 20.2.3 to 20.3.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/407">dependabot/fetch-metadata#407</a></li> <li>Bump the eslint-dependencies group with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/409">dependabot/fetch-metadata#409</a></li> <li>Update dependabot.yml by <a href="https://github.com/bdragon"><code>@bdragon</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/410">dependabot/fetch-metadata#410</a></li> <li>Bump <code>@types/node</code> from 20.3.3 to 20.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/411">dependabot/fetch-metadata#411</a></li> <li>Bump yaml from 2.2.1 to 2.3.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/390">dependabot/fetch-metadata#390</a></li> <li>Bump tough-cookie from 4.0.0 to 4.1.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/412">dependabot/fetch-metadata#412</a></li> <li>Bump <code>@types/node</code> from 20.4.0 to 20.4.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/413">dependabot/fetch-metadata#413</a></li> <li>Generate Dependabot PRs on Sundays weekly by <a href="https://github.com/abdulapopoola"><code>@abdulapopoola</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/417">dependabot/fetch-metadata#417</a></li> <li>Aggressively group prod and dev dependencies for NPM by <a href="https://github.com/abdulapopoola"><code>@abdulapopoola</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/420">dependabot/fetch-metadata#420</a></li> <li>Update .nvmrc to latest node 16 LTS version by <a href="https://github.com/abdulapopoola"><code>@abdulapopoola</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/422">dependabot/fetch-metadata#422</a></li> <li>Bump the dev-dependencies group with 9 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/421">dependabot/fetch-metadata#421</a></li> <li>Bump the dev-dependencies group with 1 update by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/423">dependabot/fetch-metadata#423</a></li> <li>Check for uncommitted files beyond the <code>diff</code> directory by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/278">dependabot/fetch-metadata#278</a></li> <li>Bump the dev-dependencies group with 6 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/424">dependabot/fetch-metadata#424</a></li> <li>Bump the dev-dependencies group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/425">dependabot/fetch-metadata#425</a></li> <li>Bump the dev-dependencies group with 6 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/428">dependabot/fetch-metadata#428</a></li> <li>Bump the dev-dependencies group with 7 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/429">dependabot/fetch-metadata#429</a></li> <li>Bump tibdex/github-app-token from 1.8.0 to 1.8.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/430">dependabot/fetch-metadata#430</a></li> <li>Bump the dev-dependencies group with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/432">dependabot/fetch-metadata#432</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/436">dependabot/fetch-metadata#436</a></li> <li>Bump the dev-dependencies group with 6 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/440">dependabot/fetch-metadata#440</a></li> <li>Change actions/checkout@v3 to v4 in readme by <a href="https://github.com/Nishnha"><code>@Nishnha</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/444">dependabot/fetch-metadata#444</a></li> <li>Bump the dev-dependencies group with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/445">dependabot/fetch-metadata#445</a></li> <li>Bump <code>@vercel/ncc</code> from 0.36.1 to 0.38.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/435">dependabot/fetch-metadata#435</a></li> <li>Bump the dev-dependencies group with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/447">dependabot/fetch-metadata#447</a></li> <li>Bump the dev-dependencies group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/448">dependabot/fetch-metadata#448</a></li> <li>Bump <code>@babel/traverse</code> from 7.22.8 to 7.23.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/457">dependabot/fetch-metadata#457</a></li> <li>Add blurbs about using a PAT to the readme by <a href="https://github.com/Nishnha"><code>@Nishnha</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/466">dependabot/fetch-metadata#466</a></li> <li>Bump <code>@vercel/ncc</code> from 0.38.0 to 0.38.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/462">dependabot/fetch-metadata#462</a></li> <li>Bump actions/setup-node from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/461">dependabot/fetch-metadata#461</a></li> <li>Bump the dev-dependencies group with 13 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/497">dependabot/fetch-metadata#497</a></li> <li>Bump tibdex/github-app-token from 1.8.2 to 2.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/442">dependabot/fetch-metadata#442</a></li> <li>Scope app token to only this repo for security by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/501">dependabot/fetch-metadata#501</a></li> <li>Switch to the official action for managing app tokens by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/504">dependabot/fetch-metadata#504</a></li> <li>v1.7.0 by <a href="https://github.com/fetch-metadata-action-automation"><code>@fetch-metadata-action-automation</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/505">dependabot/fetch-metadata#505</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/bdragon"><code>@bdragon</code></a> made their first contribution in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/410">dependabot/fetch-metadata#410</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dependabot/fetch-metadata/commit/0fb21704c18a42ce5aa8d720ea4b912f5e6babef"><code>0fb2170</code></a> v2.0.0 (<a href="https://redirect.github.com/dependabot/fetch-metadata/issues/508">#508</a>)</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/dc2c459ae6444ea1d108233ed87ce5ff16cf2fa2"><code>dc2c459</code></a> <code>v2</code> is the new tracking tag (<a href="https://redirect.github.com/dependabot/fetch-metadata/issues/506">#506</a>)</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/f2f0ad1522845af9cf040e91326888ed5d56e3f8"><code>f2f0ad1</code></a> Upgrade from node16 to node20 (<a href="https://redirect.github.com/dependabot/fetch-metadata/issues/443">#443</a>)</li> <li>See full diff in <a href="https://github.com/dependabot/fetch-metadata/compare/v1...v2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dependabot/fetch-metadata&package-manager=github_actions&previous-version=1&new-version=2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2024-03-27 08:00:31 -04:00			`uses: dependabot/fetch-metadata@v2`
Move auto-merge to separate workflow 2024-01-23 05:46:13 -05:00			`with:`
Auto-merge minor updates 🎸 2024-02-20 10:07:38 -05:00			`github-token: "${{ secrets.GITHUB_TOKEN }}"`

			`- name: Authenticate cli`
			`run: echo "${{ steps.create_token.outputs.token }}" \| gh auth login --with-token`

Move auto-merge to separate workflow 2024-01-23 05:46:13 -05:00			`- name: Enable auto-merge for Dependabot PRs`
			`if: contains(fromJSON('["version-update:semver-patch", "version-update:semver-minor"]'), steps.dependabot-metadata.outputs.update-type)`
Add more permissions to auto-merge workflow 🔓 Still trying to fix ``` GraphQL: Resource not accessible by integration (mergePullRequest) ``` See https://github.com/janraasch/hugo-bearblog/actions/runs/7624250504/job/20766236838 and https://github.com/cli/cli/discussions/7617 2024-01-23 06:06:26 -05:00			`run: gh pr merge --auto --squash "$PR_URL"`
Move auto-merge to separate workflow 2024-01-23 05:46:13 -05:00			`env:`
			`PR_URL: ${{github.event.pull_request.html_url}}`