PI-2410 Auto-merge minor+patch Dependabot PRs (#4095)

* PI-2410 Auto-merge minor+patch Dependabot PRs Also reduced frequency, all Dependabot updates will now happen on Monday. * Update post-build step to check for matrix status * Fix documentation post-build step
ministryofjustice · Aug 2, 2024 · 0b835a8 · 0b835a8
1 parent 62b978f
commit 0b835a8
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 21 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -6,10 +6,7 @@ updates:
   - package-ecosystem: "gradle"
     directory: "/"
     schedule:
-      interval: "daily"
-    ignore:
-      - dependency-name: "software.amazon.awssdk:*" # reduce the noise of frequent AWS SDK updates
-        update-types: ["version-update:semver-patch"]
+      interval: "weekly"
     groups:
       minor:
         update-types:
@@ -21,7 +18,7 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
     groups:
       minor:
         update-types:
@@ -33,79 +30,79 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/.github/actions/analyse"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   - package-ecosystem: "github-actions"
     directory: "/.github/actions/app-insights-to-slack"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   - package-ecosystem: "github-actions"
     directory: "/.github/actions/check-changes"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   - package-ecosystem: "github-actions"
     directory: "/.github/actions/cloud-platform-auth"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   - package-ecosystem: "github-actions"
     directory: "/.github/actions/cloud-platform-deploy"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   - package-ecosystem: "github-actions"
     directory: "/.github/actions/create-signed-pull-request"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   - package-ecosystem: "github-actions"
     directory: "/.github/actions/docker-build"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   - package-ecosystem: "github-actions"
     directory: "/.github/actions/format-code"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   - package-ecosystem: "github-actions"
     directory: "/.github/actions/get-build-info"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   - package-ecosystem: "github-actions"
     directory: "/.github/actions/get-env-details"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   - package-ecosystem: "github-actions"
     directory: "/.github/actions/merge-changes"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   - package-ecosystem: "github-actions"
     directory: "/.github/actions/render-project-template"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   - package-ecosystem: "terraform"
     directory: "/templates"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   - package-ecosystem: "docker"
     directory: "/projects/person-search-index-from-delius/container"
     schedule:
-      interval: "daily"
+      interval: "weekly"
 
   - package-ecosystem: "docker"
     directory: "/projects/redrive-dead-letter-queues/container"
     schedule:
-      interval: "monthly" # to reduce frequency of AWS CLI updates
+      interval: "weekly"
 
   - package-ecosystem: "docker"
     directory: "/projects/feature-flags/container"
     schedule:
-      interval: "daily"
+      interval: "weekly"
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -11,6 +11,16 @@ jobs:
     name: Build
     uses: ./.github/workflows/build.yml
 
+  post-build:
+    name: Post-build
+    runs-on: ubuntu-latest
+    needs: build
+    if: always()
+    steps:
+      - name: Check build matrix status
+        if: ${{ needs.build.result != 'success' }}
+        run: exit 1
+
   analyse:
     name: Analyse
     runs-on: ubuntu-latest

diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
@@ -0,0 +1,31 @@
+# Automated management of Dependabot PRs
+name: Dependabot
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: "${{ github.token }}"
+
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ github.token }}
+
+      - name: Auto-approve minor or patch versions
+        run: gh pr review --approve "$PR_URL"
+        if: steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -130,6 +130,18 @@ jobs:
           name: ${{ matrix.project }}
           path: projects/${{ matrix.project }}/tech-docs/build
 
+  post-build:
+    name: Post-build
+    runs-on: ubuntu-latest
+    needs:
+      - build-index
+      - build-projects
+    if: always()
+    steps:
+      - name: Check build matrix status
+        if: ${{ needs.build-index.result != 'success' || needs.build-projects.result != 'success' }}
+        run: exit 1
+
   deploy:
     runs-on: ubuntu-latest
     timeout-minutes: 30