.github/workflows/dependabot-auto-merge.yml

fix: improve dependabot auto-merge with better error handling #20

Workflow file for this run

.github/workflows/dependabot-auto-merge.yml at 05be4af

	name: Dependabot Auto-Merge
Check failure on line 1 in .github/workflows/dependabot-auto-merge.yml View workflow run for this annotation GitHub Actions / .github/workflows/dependabot-auto-merge.yml Invalid workflow file `(Line: 11, Col: 3): Unexpected value 'metadata'`

	on:
	pull_request:
	types: [opened, synchronize, reopened, ready_for_review]

	permissions:
	contents: write
	pull-requests: write
	checks: read
	metadata: read
	actions: read

	jobs:
	auto-merge:
	runs-on: ubuntu-latest
	# Only run for Dependabot PRs on the upstream repository (not forks)
	if: github.actor == 'dependabot[bot]' && github.repository == 'openshift/backplane-cli'
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Fetch Dependabot Metadata
	id: metadata
	uses: dependabot/fetch-metadata@v2
	with:
	github-token: "${{ secrets.GITHUB_TOKEN }}"

	- name: Check PR Labels
	id: check-labels
	run: \|
	# Check if PR has the required labels for auto-merge
	if [[ "${{ contains(github.event.pull_request.labels.*.name, 'area/dependency') }}" == "true" ]] && \
	[[ "${{ contains(github.event.pull_request.labels.*.name, 'ok-to-test') }}" == "true" ]]; then
	echo "has-required-labels=true" >> $GITHUB_OUTPUT
	else
	echo "has-required-labels=false" >> $GITHUB_OUTPUT
	fi

	- name: Enable Auto-Merge for Safe Updates
	if: \|
	steps.check-labels.outputs.has-required-labels == 'true' && (
	steps.metadata.outputs.update-type == 'version-update:semver-patch' \|\|
	steps.metadata.outputs.update-type == 'version-update:semver-minor' \|\|
	steps.metadata.outputs.update-type == 'version-update:semver-digest'
	)
	run: \|
	echo "Enabling auto-merge for ${{ steps.metadata.outputs.update-type }} update"
	echo "Dependency: ${{ steps.metadata.outputs.dependency-names }}"
	echo "Previous version: ${{ steps.metadata.outputs.previous-version }}"
	echo "New version: ${{ steps.metadata.outputs.new-version }}"

	# Enable auto-merge using GitHub API
	response=$(curl -s -w "%{http_code}" -o /tmp/response.json \
	-X PUT \
	-H "Accept: application/vnd.github+json" \
	-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
	-H "X-GitHub-Api-Version: 2022-11-28" \
	"https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/merge" \
	-d '{"merge_method":"merge"}')

	if [[ "$response" -eq 200 ]]; then
	echo "✅ Auto-merge enabled successfully"
	cat /tmp/response.json
	else
	echo "❌ Failed to enable auto-merge. HTTP status: $response"
	echo "Response body:"
	cat /tmp/response.json
	echo "::warning::Could not enable auto-merge due to permissions. PR labeled for manual review."

	# Add a comment to the PR explaining the situation
	curl -X POST \
	-H "Accept: application/vnd.github+json" \
	-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
	-H "X-GitHub-Api-Version: 2022-11-28" \
	"https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \
	-d '{"body":"🤖 Dependabot Auto-Merge Status\n\nThis PR meets the criteria for auto-merge but could not be automatically merged due to repository permissions.\n\nDetails:\n- Update type: ${{ steps.metadata.outputs.update-type }}\n- Dependencies: ${{ steps.metadata.outputs.dependency-names }}\n- Previous version: ${{ steps.metadata.outputs.previous-version }}\n- New version: ${{ steps.metadata.outputs.new-version }}\n\nPlease review and merge manually if appropriate."}'
	fi
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Comment on Major Version Updates
	if: \|
	steps.check-labels.outputs.has-required-labels == 'true' &&
	steps.metadata.outputs.update-type == 'version-update:semver-major'
	run: \|
	gh pr comment "${{ github.event.pull_request.number }}" --body \
	"🚨 Major Version Update Detected 🚨

	This PR contains a major version update that requires manual review:
	- Dependency: ${{ steps.metadata.outputs.dependency-names }}
	- Previous version: ${{ steps.metadata.outputs.previous-version }}
	- New version: ${{ steps.metadata.outputs.new-version }}

	Please review the changelog and breaking changes before merging.

	Auto-merge has been disabled for this PR."
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Log Auto-Merge Decision
	run: \|
	echo "Auto-merge decision for PR #${{ github.event.pull_request.number }}:"
	echo "- Update type: ${{ steps.metadata.outputs.update-type }}"
	echo "- Has required labels: ${{ steps.check-labels.outputs.has-required-labels }}"
	echo "- Dependency: ${{ steps.metadata.outputs.dependency-names }}"

	if [[ "${{ steps.metadata.outputs.update-type }}" == "version-update:semver-patch" ]] \|\| \
	[[ "${{ steps.metadata.outputs.update-type }}" == "version-update:semver-minor" ]] \|\| \
	[[ "${{ steps.metadata.outputs.update-type }}" == "version-update:semver-digest" ]]; then
	if [[ "${{ steps.check-labels.outputs.has-required-labels }}" == "true" ]]; then
	echo "✅ Auto-merge ENABLED"
	else
	echo "❌ Auto-merge DISABLED: Missing required labels"
	fi
	else
	echo "❌ Auto-merge DISABLED: Major version update or unknown update type"
	fi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix: improve dependabot auto-merge with better error handling #20

Workflow file

fix: improve dependabot auto-merge with better error handling #20

Uh oh!

Workflow file for this run

GitHub Actions / .github/workflows/dependabot-auto-merge.yml