diff --git a/.github/workflows/auto_approve_dependabot.yml b/.github/workflows/auto_approve_dependabot.yml
new file mode 100644
index 0000000..4567aef
--- /dev/null
+++ b/.github/workflows/auto_approve_dependabot.yml
@@ -0,0 +1,21 @@
+name: Auto-approve dependency updates
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '*/30 * * * *'
+
+permissions: {}
+jobs:
+ auto-approve-dependabot:
+ runs-on: ubuntu-22.04
+ environment: create_pull_request
+ permissions:
+ contents: write
+ pull-requests: write
+ steps:
+ - name: Auto approve and enable auto-merge
+ uses: NHSDigital/eps-dependabot-approve@da0503449b218ccd99bc547e242007d5514e4d2f
+ with:
+ AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
+ AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
\ No newline at end of file
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index b3c974d..5444250 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
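Review bot: Nothing in this workflow limits which pull requests get approved and auto-merged; at the `uses: NHSDigital/eps-dependabot-approve@…` step that decision rests entirely on the action at the pinned commit, which now runs unattended every 30 minutes with the App private key. Confirm that the action checks the PR author is Dependabot and that the branch carries no other commits, and record it above the step, e.g. `# approval rules live in eps-dependabot-approve; re-review them whenever this SHA is bumped`. If the action performs its writes with the App token, the job's `contents: write` and `pull-requests: write` on GITHUB_TOKEN can probably be reduced, though that cannot be told from this file. A `timeout-minutes:` on the job would also bound a hung scheduled run.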
@@ -1,54 +1,41 @@
 name: pull_request
-
 on:
- pull_request:
- branches: [ main ]
+ pull_request:
+ branches: [main]
 permissions: {}
 jobs:
- get_config_values:
- uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
- permissions:
- attestations: "read"
- contents: "read"
- packages: "read"
- with:
- verify_published_from_main_image: false
-
- dependabot-auto-approve-and-merge:
- uses: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
- permissions:
- contents: "write"
- pull-requests: "write"
- secrets:
- AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
- AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
-
- quality_checks:
- uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
- needs: [ get_config_values ]
- permissions:
- contents: "read"
- packages: "read"
- id-token: "write"
- with:
- pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
- secrets:
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-
- pr_title_format_check:
- uses: NHSDigital/eps-common-workflows/.github/workflows/pr_title_check.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
- permissions:
- pull-requests: "write"
-
- tag_release:
- needs: [ get_config_values ]
- uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
- permissions:
- id-token: "write"
- contents: "write"
- packages: "write"
- with:
- dry_run: true
- pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
- branch_name: ${{ github.event.pull_request.head.ref }}
- tag_format: ${{ needs.get_config_values.outputs.tag_format }}
+ get_config_values:
+ uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
+ permissions:
+ attestations: "read"
+ contents: "read"
+ packages: "read"
+ with:
+ verify_published_from_main_image: false
+ quality_checks:
+ uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
+ needs: [get_config_values]
+ permissions:
+ contents: "read"
+ packages: "read"
+ id-token: "write"
+ with:
+ pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
+ secrets:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ pr_title_format_check:
+ uses: NHSDigital/eps-common-workflows/.github/workflows/pr_title_check.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
+ permissions:
+ pull-requests: "write"
+ tag_release:
+ needs: [get_config_values]
+ uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
+ permissions:
+ id-token: "write"
+ contents: "write"
+ packages: "write"
+ with:
+ dry_run: true
+ pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
+ branch_name: ${{ github.event.pull_request.head.ref }}
+ tag_format: ${{ needs.get_config_values.outputs.tag_format }}
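Review bot: `branch_name: ${{ github.event.pull_request.head.ref }}` in `tag_release` hands a name chosen by the PR author to a job that also holds `contents: write`, `packages: write` and `id-token: write`. Passing it through `with:` is fine in itself, but the called workflow is not visible here, so it is worth confirming that it reads the input through an environment variable rather than expanding it inside a `run:` script. Since the job sets `dry_run: true`, also check whether the reusable workflow would accept read-only permissions from this caller. A comment such as `# branch_name is PR-controlled; treat as untrusted in the called workflow` above the input would keep that visible; the job itself is only re-indented by this commit.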