diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 567def3..cb6c358 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,9 +1,5 @@ version: 2 updates: - - package-ecosystem: 'npm' - directory: '/' - schedule: - interval: 'weekly' - package-ecosystem: 'docker' directory: '/docker' schedule: @@ -13,7 +9,12 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "weekly" + interval: "monthly" + - package-ecosystem: 'npm' + directory: '/' + open-pull-requests-limit: 20 + schedule: + interval: 'monthly' registries: ghcr: diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml index 3a44f7a..8fb3d45 100644 --- a/.github/workflows/check-dist.yml +++ b/.github/workflows/check-dist.yml @@ -25,7 +25,7 @@ jobs: with: node-version: ${{ steps.nvm.outputs.NVMRC }} - - name: Install NPM dependencies + - name: Install npm dependencies run: npm ci - name: Rebuild the dist/ directory diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 0000000..92d1495 --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yml @@ -0,0 +1,19 @@ +name: Dependabot auto-merge +on: pull_request_target +permissions: + pull-requests: write + contents: write +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }} + steps: + - name: Fetch metadata + uses: dependabot/fetch-metadata@v1.3.0 + + # Enable the automerge using a PAT so the merge commits trigger workflows + - name: Auto-merge + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GITHUB_TOKEN: ${{ secrets.DEPENDABOT_AUTOBUILD }} diff --git a/.github/workflows/dependabot-build.yml b/.github/workflows/dependabot-build.yml index 36c467b..e688388 100644 --- a/.github/workflows/dependabot-build.yml +++ b/.github/workflows/dependabot-build.yml @@ -26,8 +26,8 @@ jobs: build-dependabot-changes: runs-on: ubuntu-latest needs: [fetch-dependabot-metadata] - # We only need to build the dist/ folder if the PR relates to Docker or a production NPM dependency, otherwise we don't expect changes. - if: needs.fetch-dependabot-metadata.output.package-ecosystem == 'docker' || ( needs.fetch-dependabot-metadata.output.package-ecosystem == 'npm_and_yarn' && needs.fetch-dependabot-metadata.outputs.dependency-type == 'direct:production' ) + # We only need to build the dist/ folder if the PR relates to Docker or a production npm dependency, otherwise we don't expect changes. + if: needs.fetch-dependabot-metadata.outputs.package-ecosystem == 'docker' || ( needs.fetch-dependabot-metadata.outputs.package-ecosystem == 'npm_and_yarn' && needs.fetch-dependabot-metadata.outputs.dependency-type == 'direct:production' ) steps: # Check out using a PAT so any pushed changes will trigger checkruns - uses: actions/checkout@v3 @@ -44,7 +44,7 @@ jobs: with: node-version: ${{ steps.nvm.outputs.NVMRC }} - - name: Install NPM dependencies + - name: Install npm dependencies run: npm ci # If we're reacting to a Docker PR, we have on extra step to refresh and check in the container manifest, diff --git a/.github/workflows/integration-test.yml b/.github/workflows/integration-test.yml index 9daa39e..905b116 100644 --- a/.github/workflows/integration-test.yml +++ b/.github/workflows/integration-test.yml @@ -26,7 +26,7 @@ jobs: with: node-version: ${{ steps.nvm.outputs.NVMRC }} - - name: Install NPM dependencies + - name: Install npm dependencies run: npm ci - name: Pre-fetch the pinned images diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2d7b94a..762eb01 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -24,7 +24,7 @@ jobs: with: node-version: ${{ steps.nvm.outputs.NVMRC }} - - name: Install NPM dependencies + - name: Install npm dependencies run: npm ci - name: Check formatting