From 609d1165fb0c4f07d47183dcafd3989e53876952 Mon Sep 17 00:00:00 2001 From: Marcus Hert Da Coregio Date: Wed, 14 Feb 2024 11:24:38 -0300 Subject: [PATCH] Created Dependabot Automations (asciidoc) --- Dependabot-Automations.asciidoc | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 Dependabot-Automations.asciidoc diff --git a/Dependabot-Automations.asciidoc b/Dependabot-Automations.asciidoc new file mode 100644 index 0000000..d916217 --- /dev/null +++ b/Dependabot-Automations.asciidoc @@ -0,0 +1,27 @@ += Dependabot Automations + +Spring Security has some automation around Dependabot that aims to reduce the amount of manual work needed to keep the PRs merged and the branches in sync as well as keeping the `dependabot.yml` file updated. This document outlines what each of those automations do. + +== Update `dependabot.yml` (https://github.com/spring-projects/spring-security/blob/main/.github/workflows/update-dependabot.yml[workflow file]) + +This workflow runs every day and makes sure that the `dependabot.yml` file is updated whenever the https://spring.io/projects/spring-security#support[supported branches] or the https://github.com/spring-projects/spring-security/blob/main/.github/dependabot.template.yml[`dependabot.template.yml`] file changes. + +More details on the https://github.com/spring-io/spring-security-release-tools/tree/main/.github/actions/generate-dependabot-yml[action's repository]. + +== Merge Dependabot PR (https://github.com/spring-projects/spring-security/blob/main/.github/workflows/merge-dependabot-pr.yml[workflow file]) + +This workflow runs when a PR is opened by the `dependabot[bot]` user and does: + +- Assign a PR to a specific milestone based on the target branch of its PR +- Trigger PR's https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request[auto merge] + +[[trigger-auto-merge-forward]] +== Trigger Dependabot Auto Merge Forward (https://github.com/spring-projects/spring-security/blob/main/.github/workflows/trigger-dependabot-auto-merge-forward.yml[workflow file]) + +This workflow runs when a new commit from the `dependabot[bot]` author is pushed into one of the supported branches. Its sole responsibility is to invoke the <> workflow. + +[[auto-merge-forward]] +== Auto Merge Forward Dependabot Commits (https://github.com/spring-projects/spring-security/blob/main/.github/workflows/dependabot-auto-merge-forward.yml[workflow file]) + +This workflow is <> from `dependabot[bot]` is pushed to any of the supported branches. +It first retrieves the currently supported branches and pass them to the https://github.com/spring-io/spring-security-release-tools/tree/main/.github/actions/auto-merge-forward[Auto Merge Forward Action] invocation. The action takes care of merging the commits that are not in sync between the branches. More details on the https://github.com/spring-io/spring-security-release-tools/tree/main/.github/actions/auto-merge-forward[action's repository]. \ No newline at end of file