-
Notifications
You must be signed in to change notification settings - Fork 0
90 lines (78 loc) · 4.62 KB
/
automerge-global.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
---
name: Approve and Auto-Merge Pull Request
# This re-usable workflow helps to approve and enable automerge of pull requests if it's made by an author and the tests are completed.
# It solves an issue related to wait all tests on auto merge https://github.com/orgs/community/discussions/27349
on:
workflow_call:
inputs:
author-name:
type: string
default: app/renovate
jobs:
# do not change the name
approve-and-auto-merge:
runs-on: ubuntu-latest
# only trigger on a renovate branch
if: contains(github.head_ref || github.ref, 'renovate/')
steps:
- name: Checkout Repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Check author and type of change
id: check-major
run: |
: # we don't rely on github.actor as it's the latest person to schedule/trigger the workflow.
pr_author="$(gh pr view ${{ github.event.pull_request.number }} --json author --jq '.author.login')"
if [ "$pr_author" = "${{ inputs.author-name }}" ]; then
echo "skip=false" | tee -a "$GITHUB_ENV"
else
echo "This PR was not created by ${{ inputs.author-name }}, skipping auto approval."
echo "skip=true" | tee -a "$GITHUB_ENV"
exit 0
fi
labels_json=$(gh pr view ${{ github.event.pull_request.number }} --json labels)
if echo "$labels_json" | jq -e '.labels[] | select(.name == "upgrade:major")' > /dev/null; then
echo "This PR is related to major changes. Skipping approval and auto-merge."
echo "skip=true" | tee -a "$GITHUB_ENV"
exit 0
else
echo "The label 'upgrade:major' is not present. Proceeding with approval and auto-merge."
echo "skip=false" | tee -a "$GITHUB_ENV"
fi
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Wait for other checks to succeed
uses: poseidon/wait-for-status-checks@899c768d191b56eef585c18f8558da19e1f3e707 # v0.6.0
if: env.skip == 'false'
with:
token: ${{ secrets.GITHUB_TOKEN }}
ignore_pattern: renovate-automerge / approve-and-auto-merge # due to a bug, this action does not work well with workflow call, we need to specify the name of the calling workflow
delay: 30s # wait 30s before checking
timeout: 10800 # 3 hours timeout
- name: Generate token for GitHub
id: generate-github-token
uses: camunda/infra-global-github-actions/generate-github-app-token-from-vault-secrets@dd24aca70d2b175ef5b571ad8ea5ef00683f4ae4 # main
with:
github-app-id-vault-key: GITHUB_APP_ID
github-app-id-vault-path: secret/data/products/infrastructure-experience/ci/common
github-app-private-key-vault-key: GITHUB_APP_PRIVATE_KEY
github-app-private-key-vault-path: secret/data/products/infrastructure-experience/ci/common
vault-auth-method: approle
vault-auth-role-id: ${{ secrets.VAULT_ROLE_ID }}
vault-auth-secret-id: ${{ secrets.VAULT_SECRET_ID }}
vault-url: ${{ secrets.VAULT_ADDR }}
- name: Approve Pull Request and auto-merge
if: env.skip == 'false'
run: |
: # Approve the PR and add a comment with workflow reference
workflow_url="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
: # Check if the PR has already been approved and prevent multiple comments
approved=$(gh pr view ${{ github.event.pull_request.number }} --json reviewDecision --jq '.reviewDecision')
if [ "$approved" = "APPROVED" ]; then
echo "This PR has already been approved."
else
gh pr review ${{ github.event.pull_request.number }} --approve
gh pr comment ${{ github.event.pull_request.number }} --body "This PR has been auto-approved as it does not involve major changes. Workflow run: [See details](${workflow_url})"
fi
gh pr merge ${{ github.event.pull_request.number }} --squash
env:
GH_TOKEN: ${{ steps.generate-github-token.outputs.token }}