mirror of https://github.com/FriendsOfTYPO3/tea.git synced 2024-12-22 23:26:11 +01:00

[FEATURE] Automatically approve Dependabot pull requests (#818)

This way, we can enforce having an approval before a PR is
allowed to get merged.
This commit is contained in:
Oliver Klee 2023-04-25 07:27:34 +02:00 committed by GitHub
parent 2186478f06
commit a1e13c56fd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

29
.github/workflows/auto-approve.yml vendored Normal file
View file

@ -0,0 +1,29 @@
# https://docs.github.com/en/github-ae@latest/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
name: auto-approve
on:
pull_request:
permissions:
pull-requests: write
jobs:
auto-approve:
name: Dependabot auto-approve
runs-on: ubuntu-22.04
if: ${{ github.actor == 'dependabot[bot]' }}
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Approve the PR
run: gh pr review --approve "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}