-
Notifications
You must be signed in to change notification settings - Fork 6
152 lines (130 loc) · 6.19 KB
/
spring-merge-dependabot-pr.yml
File metadata and controls
152 lines (130 loc) · 6.19 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
name: Edit & Merge Dependabot PR
on:
workflow_call:
inputs:
developmentGroup:
description: 'The Dependabot update group for development dependencies'
default: 'development-dependencies'
required: false
type: string
developmentLabel:
description: 'The issue label for this development dependencies pull request'
default: 'type: task'
required: false
type: string
dependenciesLabel:
description: 'The issue label for regular dependency upgrade pull request'
default: 'type: dependency-upgrade'
required: false
type: string
autoMerge:
description: 'Merged automatically without setting Milestone to the pull request'
default: false
required: false
type: boolean
autoMergeSnapshots:
description: 'Whether upgrades to SNAPSHOTs (usually after release against Milestone) are going to be merged automatically'
default: false
required: false
type: boolean
mergeArguments:
description: 'The arguments to pass to the gh pr merge command'
required: false
type: string
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
WORKFLOWS_REF: main
jobs:
merge-dependabot-pr:
runs-on: ubuntu-latest
if: github.event.pull_request.user.login == 'dependabot[bot]'
steps:
- uses: actions/checkout@v6
with:
show-progress: false
- name: Checkout Common Repo
uses: actions/checkout@v6
with:
repository: spring-io/spring-github-workflows
path: .github/spring-github-workflows
show-progress: false
ref: ${{ env.WORKFLOWS_REF }}
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v3
with:
github-token: ${{ env.GH_TOKEN }}
# Dependabot does not have the ability to let us skip from '-SNAPSHOT' updates.
# The problem happens when there is a GA for snapshot we are using right now.
# For example, we have a '1.0.0-SNAPSHOT' after the previous update from the '1.0.0-RC1'.
# Now that dependency has gone to '1.0.0' GA, so we would expect an update like '1.0.0-SNAPSHOT -> 1.0.0',
# but Dependabot does '1.0.0-SNAPSHOT -> 1.0.1-SNAPSHOT'.
# Another example, if we have a '1.0.0-RC1' but Dependabot does upgrade to '1.0.1-SNAPSHOT' instead of '1.0.0'.
# This is wrong and causes extra burden in manual changes and commit history.
# Therefore, closing such a PR as invalid.
# See more info in: https://stackoverflow.com/questions/79204574/how-to-make-dependabot-to-not-update-from-snapshot
- name: Close if to SNAPSHOT update skipping GA
if: endsWith(steps.metadata.outputs.new-version, '-SNAPSHOT')
run: |
NEW_VERSION="${{ steps.metadata.outputs.new-version }}"
NEW_VERSION=${NEW_VERSION/-SNAPSHOT}
PREVIOUS_VERSION="${{ steps.metadata.outputs.previous-version }}"
PREVIOUS_VERSION=${PREVIOUS_VERSION/-*}
if [ $NEW_VERSION != $PREVIOUS_VERSION ]
then
gh pr edit ${{ github.event.pull_request.number }} --add-label "status: invalid" --remove-milestone --remove-label "${{ inputs.dependenciesLabel }}"
CLOSE_COMMENT="Upgrade from ${{ steps.metadata.outputs.previous-version }} to ${{ steps.metadata.outputs.new-version }} is not allowed"
gh pr close ${{ github.event.pull_request.number }} --comment "$CLOSE_COMMENT"
gh run cancel ${{ github.run_id }}
echo "::warning title=Cannot merge::$CLOSE_COMMENT"
gh run watch ${{ github.run_id }}
fi
- name: Add a label for development dependencies pull request
if: ${{ steps.metadata.outputs.dependency-group == inputs.developmentGroup || endsWith(steps.metadata.outputs.new-version, '-SNAPSHOT') }}
run: |
gh pr edit ${{ github.event.pull_request.number }} --add-label "${{ inputs.developmentLabel }}" --remove-label "${{ inputs.dependenciesLabel }}"
- name: Determine auto-merge
id: is-auto-merge
run: |
AUTO_MERGE=${{ inputs.autoMerge || (inputs.autoMergeSnapshots && endsWith(steps.metadata.outputs.new-version, '-SNAPSHOT')) }}
if [ -z $AUTO_MERGE ]
then
PR_MILESTONE=$(gh pr view ${{ github.event.pull_request.number }} --json milestone -q '.milestone.number')
if [ $PR_MILESTONE ]
then
AUTO_MERGE=true
fi
fi
echo autoMerge=$AUTO_MERGE >> $GITHUB_OUTPUT
- uses: actions/setup-java@v5
if: steps.is-auto-merge.outputs.autoMerge == 'false'
with:
distribution: temurin
java-version: 25
- name: Compute Version
if: steps.is-auto-merge.outputs.autoMerge == 'false'
id: compute-version
uses: spring-io/spring-release-actions/compute-version@0.0.4
- name: Find Milestone for Current Version in Branch
if: steps.is-auto-merge.outputs.autoMerge == 'false'
id: find-milestone
run: |
CURRENT_VERSION=${{ steps.compute-version.outputs.version }}
export CANDIDATE_VERSION=${CURRENT_VERSION/-SNAPSHOT}
MILESTONE=$(gh api repos/$GITHUB_REPOSITORY/milestones --jq 'map(select(.title | startswith(env.CANDIDATE_VERSION))) | .[0].title')
echo milestone=$MILESTONE >> $GITHUB_OUTPUT
- name: Set Milestone to Dependabot pull request
if: steps.is-auto-merge.outputs.autoMerge == 'false'
run: |
MILESTONE=${{ steps.find-milestone.outputs.milestone }}
if [ -z $MILESTONE ]
then
gh run cancel ${{ github.run_id }}
echo "::warning title=Cannot merge::No milestone for ${{ steps.find-milestone.outputs.currentVersion }} version"
gh run watch ${{ github.run_id }}
else
gh pr edit ${{ github.event.pull_request.number }} --milestone $MILESTONE
fi
- name: Merge Dependabot pull request
if: ${{ !cancelled() }}
run: gh pr merge ${{ github.event.pull_request.number }} ${{ inputs.mergeArguments }}