@@ -3,7 +3,7 @@ name: contrib
33on :
44issue_comment :
55types :[created]
6- pull_request_target :
6+ pull_request :
77types :
88 -opened
99 -closed
@@ -24,33 +24,38 @@ concurrency: pr-${{ github.ref }}
2424
2525jobs :
2626# Dependabot is annoying, but this makes it a bit less so.
27- auto-approve- dependabot
27+ dependabot :
2828runs-on :ubuntu-latest
29- if :github.event_name == 'pull_request_target '
29+ if :github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'coder/coder '
3030permissions :
3131pull-requests :write
32- steps :
33- -name :Harden Runner
34- uses :step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
32+ steps :
33+ -name :Dependabot metadata
34+ id :metadata
35+ uses :dependabot/fetch-metadata@4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d # v2.2.0
3536with :
36- egress-policy :audit
37-
38- -name :auto-approve dependabot
39- uses :hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
40- if :github.actor == 'dependabot[bot]'
37+ github-token :" ${{ secrets.GITHUB_TOKEN }}"
38+
39+ -name :Approve the PR
40+ run :gh pr review --approve "$PR_URL"
41+ env :
42+ PR_URL :${{github.event.pull_request.html_url}}
43+ GH_TOKEN :${{secrets.GITHUB_TOKEN}}
44+
45+ -name :Enable auto-merge for Dependabot PRs
46+ if :steps.metadata.outputs.update-type == 'version-update:semver-patch'
47+ run :gh pr merge --auto --merge "$PR_URL"
48+ env :
49+ PR_URL :${{github.event.pull_request.html_url}}
50+ GH_TOKEN :${{secrets.GITHUB_TOKEN}}
4151
4252cla :
4353runs-on :ubuntu-latest
4454permissions :
4555pull-requests :write
4656steps :
47- -name :Harden Runner
48- uses :step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
49- with :
50- egress-policy :audit
51-
5257 -name :cla
53- if :(github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target '
58+ if :(github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request '
5459uses :contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1
5560env :
5661GITHUB_TOKEN :${{ secrets.GITHUB_TOKEN }}
6974release-labels :
7075runs-on :ubuntu-latest
7176# Skip tagging for draft PRs.
72- if :${{ github.event_name == 'pull_request_target ' && !github.event.pull_request.draft }}
77+ if :${{ github.event_name == 'pull_request ' && !github.event.pull_request.draft }}
7378steps :
74- -name :Harden Runner
75- uses :step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
76- with :
77- egress-policy :audit
78-
7979 -name :release-labels
8080uses :actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
8181with :