Update auto-approve-dependabot.yml

OWASP-BLT · May 4, 2024 · bef6ffa · bef6ffa
1 parent a4831e8
commit bef6ffa
Showing 1 changed file with 18 additions and 14 deletions.
diff --git a/.github/workflows/auto-approve-dependabot.yml b/.github/workflows/auto-approve-dependabot.yml
@@ -1,24 +1,28 @@
 name: Approve and Merge Dependabot PRs
-on: pull_request
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
 
 permissions:
   contents: write
-  pull-requests: write  # Added permission to interact with pull requests
+  pull-requests: write
 
 jobs:
   dependabot:
     runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
-    permissions:
-      issues: write
-      pull-requests: write  # Ensure this is explicitly set for the job too
-    env:
-      PR_URL: ${{ github.event.pull_request.html_url }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    if: github.actor == 'dependabot[bot]'
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2  # This step is typically necessary before interacting with the PR
-      - name: approve
-        run: gh pr review --approve "$PR_URL"
-      - name: merge
-        run: gh pr merge --auto --squash --delete-branch "$PR_URL"
+        uses: actions/checkout@v2
+
+      - name: Install GitHub CLI
+        run: sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-key C99B11DEB97541F0 && sudo apt-add-repository https://cli.github.com/packages && sudo apt update && sudo apt install gh -y
+
+      - name: Authenticate GitHub CLI
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token
+
+      - name: Approve the PR
+        run: gh pr review --approve "${{ github.event.pull_request.number }}"
+
+      - name: Auto-Merge the PR
+        run: gh pr merge --squash --auto --delete-branch "${{ github.event.pull_request.number }}"