martin/.github/workflows/dependabot.yml

name: Dependabot auto-merge
on: pull_request

permissions: write-all

jobs:
  dependabot:
    runs-on: ubuntu-latest
    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
      - name: Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@v1.3.6
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      - name: Approve Dependabot PRs
        if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
      - name: Enable auto-merge for Dependabot PRs
        if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
ci: enable dependabot auto-merge (#337) 2022-05-27 14:46:48 +03:00			`name: Dependabot auto-merge`
			`on: pull_request`

Auto approve Dependabot semver patch PRs (#368) 2022-07-29 12:20:37 +03:00			`permissions: write-all`
ci: enable dependabot auto-merge (#337) 2022-05-27 14:46:48 +03:00
			`jobs:`
			`dependabot:`
			`runs-on: ubuntu-latest`
			`if: ${{ github.actor == 'dependabot[bot]' }}`
			`steps:`
			`- name: Dependabot metadata`
			`id: metadata`
chore(deps): Bump dependabot/fetch-metadata from 1.3.5 to 1.3.6 (#558) Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1.3.5 to 1.3.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dependabot/fetch-metadata/releases">dependabot/fetch-metadata's releases</a>.</em></p> <blockquote> <h2>v1.3.6</h2> <h2>What's Changed</h2> <ul> <li>Drop mention of "locally" by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/281">dependabot/fetch-metadata#281</a></li> <li>Don't assume <code>git pull</code> fetches all branches/tags by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/284">dependabot/fetch-metadata#284</a></li> <li>Clarify release notes slightly by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/283">dependabot/fetch-metadata#283</a></li> <li>Bump eslint-plugin-promise from 6.0.1 to 6.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/287">dependabot/fetch-metadata#287</a></li> <li>Bump <code>@typescript-eslint/parser</code> from 5.38.0 to 5.45.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/290">dependabot/fetch-metadata#290</a></li> <li>Bump yargs and <code>@types/yargs</code> by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/286">dependabot/fetch-metadata#286</a></li> <li>Bump <code>@types/node</code> from 18.11.9 to 18.11.10 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/289">dependabot/fetch-metadata#289</a></li> <li>Bump decode-uri-component from 0.2.0 to 0.2.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/291">dependabot/fetch-metadata#291</a></li> <li>Bump yaml from 2.1.1 to 2.1.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/288">dependabot/fetch-metadata#288</a></li> <li>Bump <code>@types/node</code> from 18.11.10 to 18.11.18 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/296">dependabot/fetch-metadata#296</a></li> <li>Bump <code>@vercel/ncc</code> from 0.34.0 to 0.36.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/294">dependabot/fetch-metadata#294</a></li> <li>Bump dotenv from 16.0.2 to 16.0.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/293">dependabot/fetch-metadata#293</a></li> <li>Bump typescript from 4.8.3 to 4.9.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/295">dependabot/fetch-metadata#295</a></li> <li>Bump yaml from 2.1.3 to 2.2.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/292">dependabot/fetch-metadata#292</a></li> <li>Bump json5 from 1.0.1 to 1.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/297">dependabot/fetch-metadata#297</a></li> <li>Bump eslint from 8.23.1 to 8.32.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/303">dependabot/fetch-metadata#303</a></li> <li>Bump <code>@typescript-eslint/parser</code> from 5.45.0 to 5.48.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/300">dependabot/fetch-metadata#300</a></li> <li>Bump <code>@typescript-eslint/eslint-plugin</code> from 5.42.0 to 5.48.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/302">dependabot/fetch-metadata#302</a></li> <li>Bump eslint-plugin-import from 2.26.0 to 2.27.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/301">dependabot/fetch-metadata#301</a></li> <li>Bump nock from 13.2.9 to 13.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/299">dependabot/fetch-metadata#299</a></li> <li>Bump <code>@types/yargs</code> from 17.0.15 to 17.0.19 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/304">dependabot/fetch-metadata#304</a></li> <li>Fix parser for libraries by <a href="https://github.com/kachick"><code>@kachick</code></a> in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/224">dependabot/fetch-metadata#224</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/kachick"><code>@kachick</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/pull/224">dependabot/fetch-metadata#224</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dependabot/fetch-metadata/compare/v1...v1.3.6">https://github.com/dependabot/fetch-metadata/compare/v1...v1.3.6</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dependabot/fetch-metadata/commit/4de7a6c08ce727a42e0adbbdc345f761a01240ce"><code>4de7a6c</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/issues/306">#306</a> from dependabot/v1.3.6-release-notes</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/dfa376e5c1c4c1aa3246b873d6be94b581b6552c"><code>dfa376e</code></a> v1.3.6</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/2b4e1681e096d3ef8cf4712af89e0c188d7be11e"><code>2b4e168</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/issues/224">#224</a> from kachick/fix-get-info-for-library</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/0a3f18375a9a1749a02dce2656df58200e195cfc"><code>0a3f183</code></a> Adjust indent style with existing code</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/cf0e9797120828220f7be61d61514b9e293fd3a1"><code>cf0e979</code></a> Merge branch 'main' into fix-get-info-for-library</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/6b3627f3f1d71998a42678febad890035b9a3f6d"><code>6b3627f</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/issues/304">#304</a> from dependabot/dependabot/npm_and_yarn/types/yargs-1...</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/b385d6219b8d3c90745703dbf594ed72b5607d5e"><code>b385d62</code></a> Bump <code>@types/yargs</code> from 17.0.15 to 17.0.19</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/ab5ccc9b61fe14ffddb2ab9d78de2b7199d7f7d7"><code>ab5ccc9</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/issues/299">#299</a> from dependabot/dependabot/npm_and_yarn/nock-13.3.0</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/ce0ec4e5d5c32fbe769db107eab24ec34c9dd329"><code>ce0ec4e</code></a> Bump nock from 13.2.9 to 13.3.0</li> <li><a href="https://github.com/dependabot/fetch-metadata/commit/26d146ee07414cdc0e13247954d7ed470d08caee"><code>26d146e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/dependabot/fetch-metadata/issues/301">#301</a> from dependabot/dependabot/npm_and_yarn/eslint-plugin...</li> <li>Additional commits viewable in <a href="https://github.com/dependabot/fetch-metadata/compare/v1.3.5...v1.3.6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dependabot/fetch-metadata&package-manager=github_actions&previous-version=1.3.5&new-version=1.3.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-01-25 01:39:53 +03:00			`uses: dependabot/fetch-metadata@v1.3.6`
ci: enable dependabot auto-merge (#337) 2022-05-27 14:46:48 +03:00			`with:`
			`github-token: "${{ secrets.GITHUB_TOKEN }}"`
Auto approve Dependabot semver patch PRs (#368) 2022-07-29 12:20:37 +03:00			`- name: Approve Dependabot PRs`
			`if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch'}}`
			`run: gh pr review --approve "$PR_URL"`
			`env:`
			`PR_URL: ${{github.event.pull_request.html_url}}`
			`GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}`
ci: enable dependabot auto-merge (#337) 2022-05-27 14:46:48 +03:00			`- name: Enable auto-merge for Dependabot PRs`
			`if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch'}}`
ci: use squash instead of merge when auto-merging Dependabot PRs (#360) use squash instead of merge when auto-merging Dependabot PRs 2022-07-02 15:08:59 +03:00			`run: gh pr merge --auto --squash "$PR_URL"`
ci: enable dependabot auto-merge (#337) 2022-05-27 14:46:48 +03:00			`env:`
			`PR_URL: ${{github.event.pull_request.html_url}}`
			`GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}`