diff --git a/.github/workflows/auto-merge-snyk.yml b/.github/workflows/auto-merge-snyk.yml index daaa212..c2a9eb2 100644 --- a/.github/workflows/auto-merge-snyk.yml +++ b/.github/workflows/auto-merge-snyk.yml @@ -11,45 +11,66 @@ jobs: auto-merge: runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Set up GitHub CLI - uses: actions/setup-node@v3 - with: - node-version: "14" - - run: npm install -g @octokit/graphql - - - name: Get PR info - id: pr-info - run: | - gh pr view ${{ github.event.pull_request.number }} --json author,headRefName,labels -q '.author.login,.headRefName,.labels.[].name' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Check if PR is from Snyk - id: check-snyk - run: | - if [[ "${{ steps.pr-info.outputs.headRefName }}" == snyk/* ]]; then - echo "::set-output name=is_snyk::true" - else - echo "::set-output name=is_snyk::false" - fi - - - name: Check if all checks passed - id: check-passed - run: | - checks=$(gh pr checks ${{ github.event.pull_request.number }} --json status -q '.[] | select(.name == "continuous-integration" and .status != "success") | .name') - if [[ -z "$checks" ]]; then - echo "::set-output name=checks_passed::true" - else - echo "::set-output name=checks_passed::false" - fi - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Auto merge if conditions are met - if: steps.check-snyk.outputs.is_snyk == 'true' && steps.check-passed.outputs.checks_passed == 'true' - run: gh pr merge ${{ github.event.pull_request.number }} --merge - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up GitHub CLI + uses: actions/setup-gh@v3 + + - name: Get PR info + id: pr-info + run: | + pr_info=$(gh pr view ${{ github.event.pull_request.number }} --json title,author) + echo "$pr_info" | jq -r '.title' > pr_title.txt + echo "$pr_info" | jq -r '.author.login' > author.txt + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Check if PR title starts with [snyk] + id: check-snyk + run: | + pr_title=$(cat pr_title.txt) + if [[ "$pr_title" == \[snyk\]* ]]; then + echo "::set-output name=is_snyk::true" + else + echo "::set-output name=is_snyk::false" + fi + + - name: Check if snyk-bot is a participant + id: check-participant + run: | + participants=$(gh pr view ${{ github.event.pull_request.number }} --json comments,reviewRequests,reviews -q ' + [ + .comments.nodes[].author.login, + .reviewRequests.nodes[].requestedReviewer.login, + .reviews.nodes[].author.login + ] | unique' + ) + echo "$participants" | jq -r '.[]' > participants.txt + if grep -q "snyk-bot" participants.txt; then + echo "::set-output name=is_snyk_bot_participant::true" + else + echo "::set-output name=is_snyk_bot_participant::false" + fi + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Check if all checks passed + id: check-passed + run: | + checks=$(gh pr checks ${{ github.event.pull_request.number }} --json status -q ' + .[] | select(.status != "completed" or .conclusion != "success") | .name' + ) + if [[ -z "$checks" ]]; then + echo "::set-output name=checks_passed::true" + else + echo "::set-output name=checks_passed::false" + fi + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Auto merge if conditions are met + if: steps.check-snyk.outputs.is_snyk == 'true' && steps.check-author.outputs.is_snyk_bot == 'true' && steps.check-participant.outputs.is_snyk_bot_participant == 'true' && steps.check-passed.outputs.checks_passed == 'true' + run: gh pr merge ${{ github.event.pull_request.number }} --merge + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file