Skip to content
Dependabot Reviewer v2

Bump browser-sync from 3.0.2 to 3.0.3 #33

Sign in to view logs

Bump browser-sync from 3.0.2 to 3.0.3

Bump browser-sync from 3.0.2 to 3.0.3 #33

Workflow file for this run

.github/workflows/main.yml at 7f083fb
name: Dependabot Reviewer v2
on:
pull_request_target:
types: [opened, synchronize, reopened]
permissions:
pull-requests: write
contents: write
jobs:
setup-and-cache:
runs-on: ubuntu-latest
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
steps:
- name: Checkout repository code
uses: actions/checkout@v4
- name: Set up Node.js (latest LTS)
uses: actions/setup-node@v4
with:
node-version: "lts/*"
- name: Cache Node.js modules
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies
run: npm install
review-pr:
runs-on: ubuntu-latest
needs: setup-and-cache
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
steps:
- name: Checkout repository code
uses: actions/checkout@v4
- name: Fetch Dependabot metadata
id: dependabot-metadata
uses: dependabot/[email protected]
- name: Approve patch and minor updates
if: ${{ steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor' }}
run: |
gh pr review ${{ github.event.pull_request.number }} --approve -b "**Approved:** includes a patch or minor update"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Approve major updates of development dependencies
if: ${{ steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:development' }}
run: |
gh pr review ${{ github.event.pull_request.number }} --approve -b "**Approved:** major update of a development dependency"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Comment on major updates of non-development dependencies
if: ${{ steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:production' }}
run: |
gh pr comment ${{ github.event.pull_request.number }} --body "**Not approved:** includes a major update of a production dependency"
gh pr edit ${{ github.event.pull_request.number }} --add-label "requires-manual-qa"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
auto-merge:
runs-on: ubuntu-latest
needs: review-pr
if: ${{ success() && github.event.pull_request.user.login == 'dependabot[bot]' }}
steps:
- name: Checkout repository code
uses: actions/checkout@v4
- name: Auto-merge Dependabot PR
run: gh pr merge --auto --rebase ${{ github.event.pull_request.number }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}