Skip to content
Dependabot auto-approve

chore(deps-dev): bump globals from 15.10.0 to 15.11.0 #1262

Sign in to view logs

chore(deps-dev): bump globals from 15.10.0 to 15.11.0

chore(deps-dev): bump globals from 15.10.0 to 15.11.0 #1262

Workflow file for this run

.github/workflows/dependabot-auto-approve.yml at de40de1
name: "Dependabot auto-approve"
on: pull_request
permissions:
pull-requests: write
jobs:
dependabot:
runs-on: ubuntu-latest
if: ${{ github.actor == 'dependabot[bot]' }}
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v1.4.0
with:
github-token: ${{ secrets.ACCES_TOKEN }}
- name: Steps metadata info
run: |
echo Update type ${{ steps.metadata.outputs.update-type }}
echo Dependency type ${{ steps.metadata.outputs.dependency-type }}
- name: Approve a PR
# What are we automatically merging?
# MINOR and PATCH updates
# Development dependencies
# Indirect dependencies
# ----------------------
# ------ IMPORTANT ------
# Unfortunately dependabot core does not support knowing if an indirect dependency is from production or development
# [https://github.com/dependabot/fetch-metadata/issues/43#issuecomment-878173130]
# I am taking the risk to automatically update indirect dependencies of production dependencies.
# Ts-auto-mock will not be published automatically because of this.
# Before releasing a new version of ts-auto-mock the production dependencies need to be reviewed.
# ----------------------
if: |
(steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch')
&& (steps.metadata.outputs.dependency-type == 'indirect' || steps.metadata.outputs.dependency-type == 'direct:development')
run: |
gh pr review --approve "$PR_URL"
gh pr merge --auto --rebase "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.ACCES_TOKEN}}