update workflows

Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org>
2021-10-27 22:52:48 +03:00 · 2021-10-27 22:52:48 +03:00 · 332803d8de
commit 332803d8de
parent 11c868d476
2 changed files with 30 additions and 62 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -9,7 +9,7 @@
 # the `language` matrix defined below to confirm you have the correct set of
 # supported CodeQL languages.
 #
-name: "CodeQL"
+name: "codeql"

 on:
  workflow_run:
@ -26,7 +26,7 @@ on:

 jobs:
  analyze:
-    name: Analyze
+    name: analyze
    runs-on: ubuntu-latest
    permissions:
      actions: read
@ -42,11 +42,14 @@ jobs:
        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed

    steps:
-    - name: Checkout repository
+    - name: checkout
      uses: actions/checkout@v2
-
+    - name: setup
+      uses: actions/setup-go@v2
+      with:
+        go-version: 1.16
    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
+    - name: init
      uses: github/codeql-action/init@v1
      with:
        languages: ${{ matrix.language }}
@ -57,7 +60,7 @@ jobs:

    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
+    - name: autobuild
      uses: github/codeql-action/autobuild@v1

    # ℹ️ Command-line programs to run using the OS shell.
@ -71,5 +74,5 @@ jobs:
    #   make bootstrap
    #   make release

-    - name: Perform CodeQL Analysis
+    - name: analyze
      uses: github/codeql-action/analyze@v1
--- a/.github/workflows/dependabot-automerge.yml
+++ b/.github/workflows/dependabot-automerge.yml
@ -1,66 +1,31 @@
 name: "prautomerge"

 on:
-  workflow_run:
-    workflows: ["prbuild"]
-    types:
-      - completed
+  pull_request_target:
+    types: [assigned, opened, synchronize, reopened]

 permissions:
-  contents: write
  pull-requests: write
+  contents: write

 jobs:
-  Dependabot-Automerge:
+  dependabot:
    runs-on: ubuntu-latest
-    # Contains workaround to execute if dependabot updates the PR by checking for the base branch in the linked PR
-    # The the github.event.workflow_run.event value is 'push' and not 'pull_request'
-    # dont work with multiple workflows when last returns success
-    if: >-
-      github.event.workflow_run.conclusion == 'success'
-      && github.actor == 'dependabot[bot]'
-      && github.event.sender.login == 'dependabot[bot]'
-      && github.event.sender.type == 'Bot'
-      && (github.event.workflow_run.event == 'pull_request'
-          || (github.event.workflow_run.event == 'push' && github.event.workflow_run.pull_requests[0].base.ref == github.event.repository.default_branch ))
+    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
-      - name: Approve Changes and Merge changes if label 'dependencies' is set
-        uses: actions/github-script@v5
+      - name: metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1.1.1
        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            console.log(context.payload.workflow_run);
-            
-            var labelNames = await github.paginate(
-              github.issues.listLabelsOnIssue,
-              {
-                repo: context.repo.repo,
-                owner: context.repo.owner,
-                issue_number: context.payload.workflow_run.pull_requests[0].number,
-              },
-              (response) => response.data.map(
-                (label) => label.name
-              )
-            );
-
-            console.log(labelNames);
-
-            if (labelNames.includes('dependencies')) {
-              console.log('Found label');
-
-              await github.pulls.createReview({
-                repo: context.repo.repo,
-                owner: context.repo.owner,
-                pull_number: context.payload.workflow_run.pull_requests[0].number,
-                event: 'APPROVE'
-              });
-              console.log('Approved PR');
-
-              await github.pulls.merge({
-                repo: context.repo.repo,
-                owner: context.repo.owner,
-                pull_number: context.payload.workflow_run.pull_requests[0].number,
-              });
-
-              console.log('Merged PR');
-            }
+          github-token: "${{ secrets.TOKEN }}"
+      - name: approve
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.TOKEN}}
+      - name: merge
+        if: ${{contains(steps.metadata.outputs.dependency-names, 'go.unistack.org')}}
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.TOKEN}}