feat (ci): CPLYTM-1362 adopt workflows from org-infra #1
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Dependencies | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| issues: none | |
| pull-requests: none | |
| jobs: | |
| call_deps_reviewer: | |
| name: General | |
| uses: complytime/org-infra/.github/workflows/reusable_deps_reviewer.yml@main | |
| call_dependabot_reviewer: | |
| name: Dependabot | |
| uses: complytime/org-infra/.github/workflows/reusable_dependabot_reviewer.yml@main | |
| comment_on_dependabot_prs: | |
| name: Dependabot Comment | |
| if: github.actor == 'dependabot[bot]' | |
| runs-on: ubuntu-latest | |
| needs: [call_deps_reviewer, call_dependabot_reviewer] | |
| permissions: | |
| issues: read | |
| pull-requests: write | |
| steps: | |
| - name: Comment from Dependabot Reviewer | |
| uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 | |
| env: | |
| REVIEW_CONCLUSION: ${{ needs.call_deps_reviewer.outputs.review_conclusion }} | |
| RISK_LEVEL: ${{ needs.call_dependabot_reviewer.outputs.risk_level }} | |
| UPDATES_COUNT: ${{ needs.call_dependabot_reviewer.outputs.updates_count }} | |
| with: | |
| issue-number: ${{ github.event.pull_request.number }} | |
| edit-mode: replace | |
| body: | | |
| 🤖 **Standardized Dependabot Review Summary** 🤖 | |
| This PR was processed by the organization's reusable CI pipeline. | |
| - **Dependencies Review:** **${{ env.REVIEW_CONCLUSION }}** | |
| - [View detailed logs](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) | |
| - **Calculated Risk:** **${{ env.RISK_LEVEL }}** | |
| - **Dependency Usage:** At least **${{ env.UPDATES_COUNT }}** repositories are using this dependency version | |
| --- | |
| Maintainer check list: | |
| 1. Ensure the PR passed all CI tests (required status checks). | |
| 2. Investigate failures for Major updates or any manual review requirement. | |
| 3. Don't overlook breaking changes and changelog information. | |
| 4. If the scorecard value is low, consider to contribute to make it higher. Everybody wins! | |
| 5. Be diligent. When in doubt, ask another maintainer for additional review. | |
| approve_dependabot_prs: | |
| name: Dependabot Auto-approve | |
| if: github.actor == 'dependabot[bot]' | |
| runs-on: ubuntu-latest | |
| needs: [call_deps_reviewer, call_dependabot_reviewer] | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Auto-approve if Confident | |
| if: ${{ env.RISK_LEVEL != 'high' && env.REVIEW_CONCLUSION == 'success' && env.UPDATES_COUNT > 10 }} | |
| env: | |
| REVIEW_CONCLUSION: ${{ needs.call_deps_reviewer.outputs.review_conclusion }} | |
| RISK_LEVEL: ${{ needs.call_dependabot_reviewer.outputs.risk_level }} | |
| UPDATES_COUNT: ${{ needs.call_dependabot_reviewer.outputs.updates_count }} | |
| uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 | |
| with: | |
| script: | | |
| github.rest.pulls.createReview({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| pull_number: context.issue.number, | |
| event: 'APPROVE', | |
| body: 'Automatically approved by GitHub Action for Dependabot PRs.' | |
| }); | |
| console.log('Dependabot PR approved successfully.'); |