8e2d02296bBEGIN_COMMIT_OVERRIDE chore: update configure-aws-credentials to v5 (#1470) END_COMMIT_OVERRIDE
41 lines
1.4 KiB
YAML
41 lines
1.4 KiB
YAML
name: Dependabot auto-approve
|
|
on:
|
|
pull_request_target:
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
pull-requests: write
|
|
id-token: write
|
|
contents: read
|
|
jobs:
|
|
dependabot:
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'aws-actions/configure-aws-credentials' }}
|
|
steps:
|
|
- name: Get Metadata
|
|
id: dependabot-metadata
|
|
uses: dependabot/fetch-metadata@v2
|
|
- uses: actions/checkout@v5
|
|
name: Clone repo
|
|
- name: Configure AWS credentials
|
|
uses: aws-actions/configure-aws-credentials@v5
|
|
with:
|
|
aws-region: us-west-2
|
|
role-to-assume: ${{ secrets.CONFIGUREAWSCREDENTIALSPACKAGEROLEARN }}
|
|
role-duration-seconds: 900
|
|
- name: Get bot user token
|
|
uses: aws-actions/aws-secretsmanager-get-secrets@v2
|
|
with:
|
|
parse-json-secrets: true
|
|
secret-ids: |
|
|
${{ secrets.OSDS_PACKAGING_ROLE }}
|
|
- name: Approve PR if not already approved
|
|
run: |
|
|
gh pr checkout "$PR_URL"
|
|
if [ "$(gh pr status --json reviewDecision - q .currentBranch.reviewDecision)" != "APPROVED" ]; then
|
|
gh pr review "$PR_URL" --approve
|
|
else echo "PR already approved"
|
|
fi
|
|
env:
|
|
PR_URL: ${{ github.event.pull_request.html_url }}
|
|
GITHUB_TOKEN: ${{ env.OSDS_ACCESS_TOKEN }}
|