mirror of
https://github.com/maputnik/editor.git
synced 2025-12-06 06:10:00 +00:00
006eb89fae
## Launch Checklist Our CI uses a few actions. For these actions, we currently just use the mutable GitHub tag. Since we use Dependabot to update the versions, we should use SHAs. This makes sure that we are not affected by a certain class of supply chain vulnerability where attackers re-publish bad tags. Using SHAs matches GitHub recommendations and is a part of the OpenSSFs Scorecard. - [x] Confirm **your changes do not include backports from Mapbox projects** (unless with compliant license) - if you are not sure about this, please ask! - [ ] Add an entry to `CHANGELOG.md` under the `## main` section. ^--- not sure if you want this. Other maintenance actions don't show up as well.
27 lines
841 B
YAML
27 lines
841 B
YAML
name: Automerge Dependabot
|
|
|
|
on: pull_request
|
|
|
|
permissions: write-all
|
|
|
|
jobs:
|
|
dependabot:
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
|
|
steps:
|
|
- name: Dependabot metadata
|
|
id: metadata
|
|
uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # v2.4.0
|
|
with:
|
|
github-token: "${{ secrets.GITHUB_TOKEN }}"
|
|
- name: Approve Dependabot PRs
|
|
run: gh pr review --approve "$PR_URL"
|
|
env:
|
|
PR_URL: ${{github.event.pull_request.html_url}}
|
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
|
- name: Enable auto-merge for Dependabot PRs
|
|
run: gh pr merge --auto --squash "$PR_URL"
|
|
env:
|
|
PR_URL: ${{github.event.pull_request.html_url}}
|
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|