Update Angular to v22, adopt OnPush, and modernize tooling #77
Workflow file for this run
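---
# Reviews Dependabot pull requests: reads the update metadata, approves
# minor/patch updates and enables auto-merge. The workflow is used as a
# required workflow, so its jobs must also run (and succeed) on PRs that do
# not come from Dependabot; that is why the gating is done per step.
#
# Token note: the `permissions:` blocks scope only the automatic GITHUB_TOKEN.
# A token stored in `secrets.GH_TOKEN` keeps whatever scopes it was issued
# with, regardless of what a job declares here.
name: "Approve Dependabot PR's"

on:
  workflow_dispatch:
  pull_request:

# Least-privilege default; jobs that need more declare it themselves.
permissions:
  contents: read

jobs:
  # Read-only job: extracts ecosystem and update type for the jobs below.
  dependabot-check:
    runs-on: ubuntu-latest
    if: always() # this job needs to run because we use it as a required workflow
    permissions:
      contents: read
      pull-requests: read
    outputs:
      # Both outputs are empty when the metadata step is skipped
      # (PR author is not Dependabot, or the run was dispatched manually).
      ecosystem: ${{ steps.metadata.outputs.package-ecosystem }}
      update-type: ${{ steps.metadata.outputs.update-type }}
    steps:
      # `audit` only records outbound calls; it does not block any of them.
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
        with:
          egress-policy: audit

      - name: Load Dependabot metadata
        if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
        id: metadata
        uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0
        with:
          github-token: ${{ secrets.GH_TOKEN || secrets.GITHUB_TOKEN }}

      # Values go through `env` instead of being expanded inside the script,
      # so the shell treats them as data and never as script text.
      - name: Show Dependabot metadata info
        if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
        env:
          ECOSYSTEM: ${{ steps.metadata.outputs.package-ecosystem }}
          UPDATE_TYPE: ${{ steps.metadata.outputs.update-type }}
        run: |
          echo "Found ecosystem: [$ECOSYSTEM]"
          echo "Found update-type: [$UPDATE_TYPE]"

      - name: Empty step so the job has something to do as it is used as a required workflow
        run: echo "Not happy about it, but the job has to run"

  # Handles Dependabot updates of the `github-actions` ecosystem.
  dependabot-actions:
    runs-on: ubuntu-latest
    needs: dependabot-check
    permissions:
      contents: write
      pull-requests: write
      # the updates for this ecosystem will push to the .github/workflows folder
      # NOTE(review): `actions: write` covers the Actions API; confirm it is
      # what merging changes under .github/workflows actually needs.
      actions: write
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
        with:
          egress-policy: audit

      # Same `env` indirection as in dependabot-check: no expression is
      # expanded inside the script body.
      - name: Show needs values
        env:
          ECOSYSTEM: ${{ needs.dependabot-check.outputs.ecosystem }}
          UPDATE_TYPE: ${{ needs.dependabot-check.outputs.update-type }}
        run: |
          echo "Got ecosystem: [$ECOSYSTEM]"
          echo "Got update-type: [$UPDATE_TYPE]"

      # The author check and the ecosystem check are joined with `&&`. The
      # ecosystem output is only populated for Dependabot PRs, so joined with
      # `||` the ecosystem clause could never change the result and this
      # write-scoped job acted on every Dependabot PR, whatever the ecosystem.
      - name: Approve the PR
        if: >-
          github.event.pull_request.user.login == 'dependabot[bot]' &&
          needs.dependabot-check.outputs.ecosystem == 'github-actions' &&
          (needs.dependabot-check.outputs.update-type == 'version-update:semver-minor' ||
          needs.dependabot-check.outputs.update-type == 'version-update:semver-patch')
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GH_TOKEN }}

      # NOTE(review): unlike the approve step, this one has no update-type
      # restriction, so auto-merge is also enabled for major updates of
      # workflow dependencies. Confirm that this is intended.
      - name: Enable auto-merge for Dependabot PRs
        if: >-
          github.event.pull_request.user.login == 'dependabot[bot]' &&
          needs.dependabot-check.outputs.ecosystem == 'github-actions'
        run: gh pr merge --auto --merge "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GH_TOKEN || secrets.GITHUB_TOKEN }}

  # Handles Dependabot updates of every ecosystem except `github-actions`.
  dependabot-other:
    runs-on: ubuntu-latest
    needs: dependabot-check
    if: always() # this job needs to run because we use it as a required workflow
    permissions:
      contents: write
      pull-requests: write
      # the updates for this ecosystem will NOT push to the .github/workflows folder
      actions: read
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
        with:
          egress-policy: audit

      # Restricted to non-`github-actions` ecosystems so that a PR is handled
      # by exactly one of the two write-scoped jobs.
      - name: Approve the PR
        if: >-
          github.event.pull_request.user.login == 'dependabot[bot]' &&
          needs.dependabot-check.outputs.ecosystem != 'github-actions' &&
          (needs.dependabot-check.outputs.update-type == 'version-update:semver-minor' ||
          needs.dependabot-check.outputs.update-type == 'version-update:semver-patch')
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GH_TOKEN }}

      - name: Enable auto-merge for Dependabot PRs
        if: >-
          github.event.pull_request.user.login == 'dependabot[bot]' &&
          needs.dependabot-check.outputs.ecosystem != 'github-actions' &&
          (needs.dependabot-check.outputs.update-type == 'version-update:semver-minor' ||
          needs.dependabot-check.outputs.update-type == 'version-update:semver-patch')
        run: gh pr merge --auto --merge "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GH_TOKEN || secrets.GITHUB_TOKEN }}

  # Placeholder so the required workflow reports a result on ordinary PRs.
  # No job-level permissions: it runs with the workflow default
  # (`contents: read`).
  not-dependabot:
    runs-on: ubuntu-latest
    if: always() # this job needs to run because we use it as a required workflow
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411 # v2.19.4
        with:
          egress-policy: audit

      - name: Empty step
        if: ${{ github.event.pull_request.user.login != 'dependabot[bot]' }}
        run: |
          echo "Hello user! We needed a job to run in this required workflow, or it prohibits merging" | tee "$GITHUB_STEP_SUMMARY"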