Setup dependabot version update and automerging of dependabot prs (#3)

navikt · Jan 15, 2024 · 36e0864 · 36e0864
1 parent fce8ed5
commit 36e0864
Show file tree

Hide file tree

Showing 5 changed files with 87 additions and 1 deletion.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,35 @@
+version: 2
+
+registries:
+  npm-github:
+    type: npm-registry
+    url: https://npm.pkg.github.com
+    token: ${{ secrets.READER_TOKEN }}
+
+updates:
+  - package-ecosystem: github-actions
+    directory: '/'
+    schedule:
+      interval: daily
+
+  - package-ecosystem: npm
+    directory: '/'
+    schedule:
+      interval: daily
+      time: '14:30'
+      timezone: Europe/Oslo
+    open-pull-requests-limit: 20
+    registries: '*'
+    reviewers:
+      - ''
+    groups:
+      aksel-dependencies:
+        patterns:
+          - '@navikt/aksel*'
+          - '@navikt/ds*'
+      react-dependencies:
+        patterns:
+          - 'react'
+          - 'react-dom'
+          - '@types/react'
+          - '@types/react-dom'
diff --git a/.github/workflows/build-and-deploy.yaml b/.github/workflows/build-and-deploy.yaml
@@ -1,5 +1,7 @@
 name: Build & Deploy
-on: push
+on:
+  push:
+  workflow_dispatch:
 
 jobs:
   next-app:

diff --git a/.github/workflows/label-dependabot-pr.yaml b/.github/workflows/label-dependabot-pr.yaml
@@ -0,0 +1,32 @@
+name: label-dependabot-pr
+on:
+  pull_request_target:
+    types:
+      - opened
+      - unlabeled
+
+jobs:
+  label-pr:
+    runs-on: ubuntu-latest
+    permissions: write-all
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+    steps:
+      - name: Fetch Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v1
+      - name: Label patch
+        if: ${{ steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' }}
+        run: |
+          gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a patch update**"
+          gh pr edit "$PR_URL" --add-label automerge --repo $GITHUB_REPOSITORY
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Label minor
+        if: ${{ steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor' }}
+        run: |
+          gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a minor update**"
+          gh pr edit "$PR_URL" --add-label automerge --repo $GITHUB_REPOSITORY
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/merge-dependabot-pr.yaml b/.github/workflows/merge-dependabot-pr.yaml
@@ -0,0 +1,15 @@
+name: merge-dependabot-pr
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0,15,30,45 7-14 * * 1,2,3,4,5'
+
+jobs:
+  merge-dependabot-pr:
+    uses: navikt/teamesyfo-github-actions-workflows/.github/workflows/merge-dependabot-pr.yaml@main
+    permissions:
+      actions: write
+      checks: read
+      contents: write
+      pull-requests: write
+      statuses: read
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -1 +1,3 @@
 * @navikt/team-esyfo
+package.json
+package-lock.json