Skip to content

[Coverage] BuildBot.Watchtower — increase code coverage to 100% #1020

[Coverage] BuildBot.Watchtower — increase code coverage to 100%

[Coverage] BuildBot.Watchtower — increase code coverage to 100% #1020

--- # Dependabot: approve dependency updates
name: "Dependabot: Approve updates"
on:
# https://securitylab.github.com/research/github-actions-preventing-pwn-requests
# could and should work, at least for public repos;
# tracking issue for this action's issue:
# https://github.com/ahmadnassri/action-dependabot-auto-merge/issues/60
pull_request_target:
types:
- opened
- edited
- reopened
- synchronize
- ready_for_review
branches:
- main
permissions:
contents: read
jobs:
requirements:
if: vars.DEPENDABOT_AUTOMERGE == 'true' && github.actor == 'dependabot[bot]'
runs-on: [self-hosted, linux, build]
steps:
- name: "Check Required Secrets"
shell: bash
run: |
if [ -z "${{secrets.SOURCE_PUSH_TOKEN}}" ]; then
echo "::error::SOURCE_PUSH_TOKEN is required but not set"
exit 1
fi
enable-auto-merge:
needs: [requirements]
if: |-
vars.DEPENDABOT_AUTOMERGE == 'true' &&
github.actor == 'dependabot[bot]' &&
(startsWith(github.head_ref, 'dependabot/github_actions/') || startsWith(github.head_ref, 'dependabot/npm_and_yarn/'))
runs-on: [self-hosted, linux, build]
permissions:
contents: write
pull-requests: write
# Specifically check that dependabot (or another trusted party) created this pull-request, and that it has been labelled correctly.
steps:
- name: "Initialise Workspace"
if: runner.environment == 'self-hosted'
shell: bash
run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"
- name: "Set Active Environment"
shell: bash
run: |
{
echo "ACTIVE_RUNNER_NAME=${{runner.name}}"
echo "ACTIVE_HOSTNAME=$HOSTNAME"
echo "ACTIVE_USER=$USER"
} >> "$GITHUB_ENV"
- name: "Checkout Source"
uses: actions/checkout@v6.0.3
with:
clean: true
fetch-depth: 1
ref: ${{github.event.pull_request.base.sha}}
- name: "Auto Merge"
uses: ./.github/actions/enable-automerge
with:
github-token: ${{secrets.SOURCE_PUSH_TOKEN}}
merge-method: "MERGE"
auto-approve-dependabot:
needs: [requirements]
if: |-
vars.DEPENDABOT_AUTOMERGE == 'true' &&
github.actor == 'dependabot[bot]' &&
(startsWith(github.head_ref, 'dependabot/github_actions/') || startsWith(github.head_ref, 'dependabot/npm_and_yarn/'))
runs-on: [self-hosted, linux, build]
permissions:
contents: write
pull-requests: write
steps:
- name: "Initialise Workspace"
if: runner.environment == 'self-hosted'
shell: bash
run: sudo chown -R "$USER:$USER" "$GITHUB_WORKSPACE"
- name: "Set Active Environment"
shell: bash
run: |
{
echo "ACTIVE_RUNNER_NAME=${{runner.name}}"
echo "ACTIVE_HOSTNAME=$HOSTNAME"
echo "ACTIVE_USER=$USER"
} >> "$GITHUB_ENV"
- name: "Checkout Source"
uses: actions/checkout@v6.0.3
with:
clean: true
fetch-depth: 1
ref: ${{github.event.pull_request.base.sha}}
- name: "Approve"
uses: ./.github/actions/approve-pr
with:
github-token: ${{secrets.SOURCE_PUSH_TOKEN}}