spring-security/.github/workflows/merge-dependabot-pr.yml

name: Merge Dependabot PR

on: pull_request_target

run-name: Merge Dependabot PR ${{ github.ref_name }}

permissions: write-all

jobs:
  merge-dependabot-pr:
    name: Merge Dependabot PR
    runs-on: ubuntu-latest
    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'spring-projects/spring-security' }}
    steps:

      - uses: actions/checkout@v4
        with:
          show-progress: false
          ref: ${{ github.event.pull_request.head.sha }}

      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: 17

      - name: Set Milestone to Dependabot Pull Request
        id: set-milestone
        run: |
          if test -f pom.xml
          then
            CURRENT_VERSION=$(mvn help:evaluate -Dexpression="project.version" -q -DforceStdout)
          else
            CURRENT_VERSION=$(cat gradle.properties | sed -n '/^version=/ { s/^version=//;p }')
          fi
          export CANDIDATE_VERSION=${CURRENT_VERSION/-SNAPSHOT}
          MILESTONE=$(gh api repos/$GITHUB_REPOSITORY/milestones --jq 'map(select(.due_on != null and (.title | startswith(env.CANDIDATE_VERSION)))) | .[0] | .title')
          
          if [ -z $MILESTONE ]
          then
            gh run cancel ${{ github.run_id }}
            echo "::warning title=Cannot merge::No scheduled milestone for $CURRENT_VERSION version"
          else
            gh pr edit ${{ github.event.pull_request.number }} --milestone $MILESTONE
            echo mergeEnabled=true >> $GITHUB_OUTPUT
          fi
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Merge Dependabot pull request
        if: steps.set-milestone.outputs.mergeEnabled
        run: gh pr merge ${{ github.event.pull_request.number }} --auto --rebase
        env:
          GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}
  send-notification:
    name: Send Notification
    needs: [ merge-dependabot-pr ]
    if: ${{ failure() || cancelled() }}
    runs-on: ubuntu-latest
    steps:
      - name: Send Notification
        uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1
        with:
          webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}
Automatically trigger auto merge for Dependabot PRs Issue gh-14535 2024-02-06 06:06:06 -05:00			`name: Merge Dependabot PR`

Use pull_request_target for merge-dependabot-pr.yml Issue gh-14721 2024-03-14 13:33:00 -04:00			`on: pull_request_target`
Automatically trigger auto merge for Dependabot PRs Issue gh-14535 2024-02-06 06:06:06 -05:00
			`run-name: Merge Dependabot PR ${{ github.ref_name }}`

Use token only for auto merge Issue gh-14721 2024-03-14 13:42:33 -04:00			`permissions: write-all`
Use GH_ACTIONS_REPO_TOKEN for merge-dependabot-pr.yml Issue gh-14721 2024-03-14 08:23:31 -04:00
Automatically trigger auto merge for Dependabot PRs Issue gh-14535 2024-02-06 06:06:06 -05:00			`jobs:`
			`merge-dependabot-pr:`
Migrate slack notifications to GChat (2nd attempt) Closes gh-15667 2024-08-21 17:16:50 -04:00			`name: Merge Dependabot PR`
Use GH_ACTIONS_REPO_TOKEN for merge-dependabot-pr.yml Issue gh-14721 2024-03-14 08:23:31 -04:00			`runs-on: ubuntu-latest`
Only Merge PRs from Original Repository 2024-07-26 09:25:30 -04:00			`if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'spring-projects/spring-security' }}`
Use GH_ACTIONS_REPO_TOKEN for merge-dependabot-pr.yml Issue gh-14721 2024-03-14 08:23:31 -04:00			`steps:`

			`- uses: actions/checkout@v4`
			`with:`
			`show-progress: false`
Use pull_request_target for merge-dependabot-pr.yml Issue gh-14721 2024-03-14 13:33:00 -04:00			`ref: ${{ github.event.pull_request.head.sha }}`
Use GH_ACTIONS_REPO_TOKEN for merge-dependabot-pr.yml Issue gh-14721 2024-03-14 08:23:31 -04:00
			`- uses: actions/setup-java@v4`
			`with:`
			`distribution: temurin`
			`java-version: 17`

			`- name: Set Milestone to Dependabot Pull Request`
			`id: set-milestone`
			`run: \|`
			`if test -f pom.xml`
			`then`
			`CURRENT_VERSION=$(mvn help:evaluate -Dexpression="project.version" -q -DforceStdout)`
			`else`
			`CURRENT_VERSION=$(cat gradle.properties \| sed -n '/^version=/ { s/^version=//;p }')`
			`fi`
			`export CANDIDATE_VERSION=${CURRENT_VERSION/-SNAPSHOT}`
			`MILESTONE=$(gh api repos/$GITHUB_REPOSITORY/milestones --jq 'map(select(.due_on != null and (.title \| startswith(env.CANDIDATE_VERSION)))) \| .[0] \| .title')`

			`if [ -z $MILESTONE ]`
			`then`
			`gh run cancel ${{ github.run_id }}`
			`echo "::warning title=Cannot merge::No scheduled milestone for $CURRENT_VERSION version"`
			`else`
			`gh pr edit ${{ github.event.pull_request.number }} --milestone $MILESTONE`
			`echo mergeEnabled=true >> $GITHUB_OUTPUT`
			`fi`
Add GH_TOKEN to set-milestone Issue gh-14721 2024-03-14 13:45:21 -04:00			`env:`
			`GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}`
Use GH_ACTIONS_REPO_TOKEN for merge-dependabot-pr.yml Issue gh-14721 2024-03-14 08:23:31 -04:00
			`- name: Merge Dependabot pull request`
			`if: steps.set-milestone.outputs.mergeEnabled`
			`run: gh pr merge ${{ github.event.pull_request.number }} --auto --rebase`
Use token only for auto merge Issue gh-14721 2024-03-14 13:42:33 -04:00			`env:`
			`GH_TOKEN: ${{ secrets.GH_ACTIONS_REPO_TOKEN }}`
Migrate slack notifications to GChat (2nd attempt) Closes gh-15667 2024-08-21 17:16:50 -04:00			`send-notification:`
			`name: Send Notification`
			`needs: [ merge-dependabot-pr ]`
			`if: ${{ failure() \|\| cancelled() }}`
			`runs-on: ubuntu-latest`
			`steps:`
			`- name: Send Notification`
			`uses: spring-io/spring-security-release-tools/.github/actions/send-notification@v1`
			`with:`
			`webhook-url: ${{ secrets.SPRING_SECURITY_CI_GCHAT_WEBHOOK_URL }}`