diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 48242cce..f4a3a5d5 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1,9 @@
 * @wpengine/headless-open-source @wpengine/spcs
+
+# Dependency files: bot is co-owner so its approval satisfies CODEOWNERS for Dependabot PRs
+package.json @wpe-ie-deploy-bot @wpengine/headless-open-source @wpengine/spcs
+package-lock.json @wpe-ie-deploy-bot @wpengine/headless-open-source @wpengine/spcs
+composer.json @wpe-ie-deploy-bot @wpengine/headless-open-source @wpengine/spcs
+composer.lock @wpe-ie-deploy-bot @wpengine/headless-open-source @wpengine/spcs
+Dockerfile @wpe-ie-deploy-bot @wpengine/headless-open-source @wpengine/spcs
+docker-compose.yml @wpe-ie-deploy-bot @wpengine/headless-open-source @wpengine/spcs
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 00000000..4bc99d20
--- /dev/null
+++ b/.github/dependabot.yaml
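Review bot: The added patterns make `@wpe-ie-deploy-bot` a code owner of the manifests, lockfiles, `Dockerfile` and `docker-compose.yml` for every pull request, not only Dependabot's, because CODEOWNERS cannot scope ownership by PR author. If code-owner review is required on the protected branch, an approval made with the bot's token therefore satisfies that requirement for a human-authored change to any of these files as well. The patterns have no leading slash, so they match at any depth in the repository. I would record this in the comment, for example `# NOTE: applies to ALL PRs touching these files; the bot's approval token is review-equivalent for them`, and confirm the token behind the bot is scoped to this repository only.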
@@ -0,0 +1,110 @@
+version: 2
+updates:
+ # npm (root monorepo — workspaces cover packages/* and plugins/*)
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+
+ # composer (plugins)
+ - package-ecosystem: "composer"
+ directory: "/plugins/hwp-cli"
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+
+ - package-ecosystem: "composer"
+ directory: "/plugins/hwp-previews"
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+
+ - package-ecosystem: "composer"
+ directory: "/plugins/wpgraphql-debug-extensions"
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+
+ - package-ecosystem: "composer"
+ directory: "/plugins/wpgraphql-logging"
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+
+ - package-ecosystem: "composer"
+ directory: "/plugins/wpgraphql-webhooks"
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+
+ # docker (Dockerfiles)
+ - package-ecosystem: "docker"
+ directory: "/plugins/hwp-previews/.docker"
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+
+ - package-ecosystem: "docker"
+ directory: "/plugins/wpgraphql-logging/.docker"
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+
+ # docker (docker-compose)
+ - package-ecosystem: "docker"
+ directory: "/plugins/hwp-previews"
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+
+ - package-ecosystem: "docker"
+ directory: "/plugins/wpgraphql-debug-extensions"
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+
+ - package-ecosystem: "docker"
+ directory: "/plugins/wpgraphql-logging"
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+
+ - package-ecosystem: "docker"
+ directory: "/plugins/wpgraphql-webhooks"
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+
+ # github-actions
+ - package-ecosystem: "github-actions"
+ directory: "/.github/workflows"
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
diff --git a/.github/workflows/create-release-branch.yml b/.github/workflows/create-release-branch.yml
index e0bef01b..e195c054 100644
--- a/.github/workflows/create-release-branch.yml
+++ b/.github/workflows/create-release-branch.yml
@@ -130,8 +130,8 @@ jobs:
 git commit -m "chore: apply version bump from changesets for ${{ steps.plugin.outputs.slug }}"
 git push origin "$BRANCH_NAME"
- # Create PR
- gh pr create \
+ # Create PR and capture URL for auto-merge steps
+ RELEASE_PR_URL=$(gh pr create \
 --title "Release: ${{ steps.plugin.outputs.slug }} version bump" \
 --body "Automated release PR for ${{ steps.plugin.outputs.slug }} plugin.
@@ -139,8 +139,21 @@ jobs:
 Plugin: ${{ steps.plugin.outputs.slug }}" \
 --base main \
- --head "$BRANCH_NAME"
+ --head "$BRANCH_NAME")
+ echo "RELEASE_PR_URL=$RELEASE_PR_URL" >> $GITHUB_ENV
 fi
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Approve release PR
+ if: env.RELEASE_PR_URL != ''
+ env:
+ GH_TOKEN: ${{ secrets.RELEASE_PAT }}
+ run: gh pr review --approve "$RELEASE_PR_URL"
+
+ - name: Enable auto-merge on release PR
+ if: env.RELEASE_PR_URL != ''
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: gh pr merge --auto --squash "$RELEASE_PR_URL"
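Review bot: The four entries under `# docker (docker-compose)` use `package-ecosystem: "docker"`, which as far as I know covers Dockerfiles; Compose files are handled by the separate `docker-compose` ecosystem, so these entries probably never open a PR for images pinned in `docker-compose.yml`. If Compose images are the target, those entries should read `package-ecosystem: "docker-compose"`. Because the workflow added in this same commit approves and auto-merges minor and patch updates, I would also add a `cooldown:` block to each entry (for example `default-days: 7`, a value I made up for illustration) so a freshly published release is not merged before a bad version can be yanked or flagged. The documented directory for `github-actions` is `/`, which already scans `.github/workflows`; confirm that `"/.github/workflows"` is picked up as intended.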
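Review bot: The new `RELEASE_PR_URL=$(gh pr create \` substitution still receives `${{ steps.plugin.outputs.slug }}` expanded into the script text by the runner before bash parses it, so in `--title` and `--body` the value is treated as shell source rather than data. Where the slug comes from is outside this hunk; if it derives from a branch name, path or workflow input, pass it through the step's `env:` as `PLUGIN_SLUG: ${{ steps.plugin.outputs.slug }}` and reference `"$PLUGIN_SLUG"` in the command instead. The `gh pr create` call starts in this hunk and ends in the next one.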
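Review bot: The `Approve release PR` step approves, with `secrets.RELEASE_PAT`, a pull request that this same run just opened, and the next step queues it for auto-merge, so the review requirement is met without anyone reading the diff. Anyone who can start this workflow or who holds the PAT can then land a commit on `main`; the trigger is outside the hunk, so confirm it is limited to maintainers, and use a fine-grained token restricted to pull-request write on this repository. Because the PR is opened with `GITHUB_TOKEN`, `pull_request` workflows are not triggered for it, so check that the required status checks can actually run before the merge. I would add a comment above the step such as `# RELEASE_PAT: separate account from the PR author; scope: pull requests (write), this repo only`. Separately, quote the redirect target: `>> "$GITHUB_ENV"`.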
diff --git a/.github/workflows/dependabot-automation.yaml b/.github/workflows/dependabot-automation.yaml
new file mode 100644
index 00000000..ef200d49
--- /dev/null
+++ b/.github/workflows/dependabot-automation.yaml
@@ -0,0 +1,29 @@
+name: Dependabot Automation
+on: pull_request
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ dependabot:
+ runs-on: ubuntu-latest
+ if: ${{github.actor == 'dependabot[bot]'}}
+ steps:
+ - name: Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0
+ with:
+ github-token: "${{secrets.GITHUB_TOKEN}}"
+ - name: Approve PR
+ if: ${{steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GH_TOKEN: ${{secrets.DEPENDABOT_APPROVER_TOKEN}}
+ run: gh pr review --approve "$PR_URL"
+ - name: Enable auto-merge
+ if: ${{steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+ run: gh pr merge --auto --squash "$PR_URL"
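Review bot: The job gate `if: ${{github.actor == 'dependabot[bot]'}}` tests who triggered the run, not who authored the pull request, so it does not reliably establish that the PR being approved was opened by Dependabot. GitHub's guidance for this pattern checks the author instead: `if: github.event.pull_request.user.login == 'dependabot[bot]'`. The distinction matters here because the job goes on to approve with `DEPENDABOT_APPROVER_TOKEN` and enable auto-merge. On Dependabot-triggered `pull_request` runs only Dependabot secrets are exposed, so that token has to be stored as a Dependabot secret or the approve step runs with an empty `GH_TOKEN`. The `contents: write` and `pull-requests: write` grant could also move from workflow level to the `dependabot` job.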