diff --git a/.github/workflows/dependabot-prs.yml b/.github/workflows/dependabot-prs.yml index 5a84f7c..df88e34 100644 --- a/.github/workflows/dependabot-prs.yml +++ b/.github/workflows/dependabot-prs.yml @@ -39,15 +39,11 @@ jobs: # a) it has the `development-dependencies` label, which we add for certain # categories of PRs (see `.github/dependabot.yml`), OR # b) Dependabot has categorized it as a `direct:development` dependency, - # meaning it's in the Gemfile in a `development` or `test` group - # - # Note that we also do nothing when the PR has already had auto-merge - # enabled, to prevent scenarios where this check runs many times (for - # instance, because removing `Needs QA` triggers another run, or because - # other PRs are merging and causing this to rebase and trigger another - # run) and then approves the PR many times, which is confusing and looks - # awkward. - if: ${{ github.actor == 'dependabot[bot]' && (!github.event.pull_request.auto_merge && (contains(github.event.pull_request.labels.*.name, 'development-dependencies') || steps.dependabot-metadata.outputs.dependency-type == 'direct:development')) }} + # meaning it's in the Gemfile in a `development` or `test` group, OR + # c) our scripts have flagged the PR as an automergeable dependency (i.e + # a stable dependency with good unit test coverage) that has passed + # the waiting period. + if: ${{ (github.actor == 'dependabot[bot]' || github.actor == 'panorama-bot-r') && steps.unique-committers.outputs.committers == '["dependabot[bot]"]' && (contains(github.event.pull_request.labels.*.name, 'development-dependencies') || steps.dependabot-metadata.outputs.dependency-type == 'direct:development' || contains(github.event.pull_request.labels.*.name, 'automerge-dependencies')) }} run: gh pr merge --auto --merge "$PR_URL" && gh pr edit "$PR_URL" --remove-label "Needs QA" && gh pr review --approve "$PR_URL" env: PR_URL: ${{github.event.pull_request.html_url}}