ci: create bypass-codacy-variation.yml #6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dependabot - Enable Auto-Merge | |
| # Dependabot Pull Requests Auto-Merge | |
| # This workflow does not execute the merge itself. Instead, it serves as a filter that enables GitHub's native Automatic Merging feature when conditions are met. | |
| # The auto-merge will be enabled only if the semantic version for the changes is MINOR or PATCH. | |
| # Pull Requests with semantic versions MAJOR will need manual review and approval. | |
| # Once the version filter has enabled Auto-Merge, the Pull Request will enter a waiting state until all required checks defined in the master Branch Protection Rules are passed. | |
| # The secured process is: Safe Version → Enable Auto-Merge → Wait for CI Tests → Automatic Merge. | |
| on: | |
| pull_request: | |
| branches: ["master", "main"] | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| dependabot-automerge: | |
| runs-on: ubuntu-latest | |
| if: github.actor == 'dependabot[bot]' | |
| steps: | |
| - name: Obtain Dependabot Metadata | |
| id: metadata | |
| uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b #v2.4.0 | |
| with: | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Enable Auto-Merge | |
| if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch' }} | |
| run: gh pr merge --auto --squash "$PR_URL" | |
| env: | |
| PR_URL: ${{ github.event.pull_request.html_url }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |