From 40bc280e549a183a075a674f3af2b448d2540234 Mon Sep 17 00:00:00 2001
From: James
Date: Fri, 17 Apr 2026 14:45:12 +0100
Subject: [PATCH 1/7] mesh-2816: automate dependabot
---
 .dependabot/config.yml | 27 ++++++--------
 .github/workflows/dependabot-auto-merge.yaml | 37 ++++++++++++++++++++
 .tool-versions | 1 +
 3 files changed, 48 insertions(+), 17 deletions(-)
 create mode 100644 .github/workflows/dependabot-auto-merge.yaml
diff --git a/.dependabot/config.yml b/.dependabot/config.yml
index 280c45c..b59381b 100644
--- a/.dependabot/config.yml
+++ b/.dependabot/config.yml
@@ -1,23 +1,16 @@
-version: 1
-update_configs:
+version: 2
+updates:
 - package_manager: "javascript"
 directory: "/"
- update_schedule: "live"
- automerged_updates:
- - match:
- dependency_type: "all"
- update_type: "security:patch"
+ schedule:
+ interval: "daily"
+
 - package_manager: "javascript"
 directory: "/sandbox"
- update_schedule: "live"
- automerged_updates:
- - match:
- dependency_type: "all"
- update_type: "security:patch"
+ schedule:
+ interval: "daily"
+
 - package_manager: "python"
 directory: "/"
- update_schedule: "live"
- automerged_updates:
- - match:
- dependency_type: "all"
- update_type: "security:patch"
+ schedule:
+ interval: "daily"
diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml
new file mode 100644
index 0000000..d9cf8f1
--- /dev/null
+++ b/.github/workflows/dependabot-auto-merge.yaml
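Review bot: The rewritten `.dependabot/config.yml` mixes the version 2 top-level keys with version 1 entry keys, so it is unlikely to be accepted as written: each entry still uses `package_manager: "javascript"` / `"python"`, whereas the version 2 schema names the key `package-ecosystem` with values such as `"npm"` and `"pip"`. Version 2 configuration is also read from `.github/dependabot.yml`, not from the legacy `.dependabot/` directory, so the file probably needs to move as well. The removed `automerged_updates` rules limited auto-merge to `security:patch`; nothing in this file replaces that limit, so it has to be enforced in the new auto-merge workflow instead.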
@@ -0,0 +1,37 @@
+name: Auto-merge Dependabot PRs
+
+on:
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - synchronize
+ - ready_for_review
+ - labeled
+
+jobs:
+ enable-automerge:
+ # Only run on Dependabot PRs
+ if: github.actor == 'dependabot[bot]'
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+
+ steps:
+ - name: Fetch Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 #v3.0.0
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Auto-approve Dependabot PR
+ uses: hmarr/auto-approve-action@8f929096a962e83ccdfa8afcf855f39f12d4dac7 # v4
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Enable auto-merge for Dependabot PRs
+ run: gh pr merge --auto --squash "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.tool-versions b/.tool-versions
index 668f952..091c535 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -1,3 +1,4 @@
 python 3.8.18
 nodejs 24.7.0
 poetry 1.8.5
+java temurin-21.0.10+7.0.LTS
From 1806e544142f96f7656bb43316c8779acbcfe29f Mon Sep 17 00:00:00 2001
From: James
Date: Fri, 17 Apr 2026 15:06:51 +0100
Subject: [PATCH 2/7] mesh-2816: update CODEOWNERS
---
 .github/CODEOWNERS | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index d2460cb..49fe597 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1,8 @@
 * @alisonkinloch-nhs @matt-mercer @nhsdigital/mesh-to-cloud-admins
+
+# Exempt for dependabot PRs
+
+poetry.lock
+pyproject.toml
+.github/workflows/*.yml
+.github/workflows/*.yaml
From a5d0726904067b91bd415d53e5fdd0ec306cc6b9 Mon Sep 17 00:00:00 2001
From: James
Date: Fri, 17 Apr 2026 16:37:44 +0100
Subject: [PATCH 3/7] mesh-2816: fix pr-lint
---
 .github/workflows/pr-lint.yaml | 37 ++++++++++++++++++++++++++++------
 1 file changed, 31 insertions(+), 6 deletions(-)
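Review bot: In `.github/workflows/dependabot-auto-merge.yaml` the `metadata` step's outputs are never read, so the approve and auto-merge steps run for every Dependabot pull request, including major version bumps; the configuration this series removes only auto-merged `security:patch` updates. Gate both steps on the metadata, for example `if: steps.metadata.outputs.update-type == 'version-update:semver-patch'`. The job guard `github.actor == 'dependabot[bot]'` checks who triggered the run rather than who opened the pull request; `github.event.pull_request.user.login == 'dependabot[bot]'` is the stricter test. As far as I know `gh pr merge --auto` only waits for requirements that branch protection enforces, so confirm the test jobs are marked as required on the target branch.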
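Review bot: In `.github/CODEOWNERS` the four added patterns have no owners, and because the last matching pattern wins they remove code-owner review for `poetry.lock`, `pyproject.toml` and every workflow file for all authors, not only for Dependabot; CODEOWNERS has no way to scope a rule to a pull request's author. Leaving `.github/workflows/*.yml` and `.github/workflows/*.yaml` unowned means a change to the auto-merge or pr-lint workflow itself no longer needs an owner's approval. Consider dropping those two lines so workflow changes keep the `*` owners, and rewording the comment to `# No code owner required for these paths (applies to every PR)`.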
diff --git a/.github/workflows/pr-lint.yaml b/.github/workflows/pr-lint.yaml
index 52dd39e..2604859 100644
--- a/.github/workflows/pr-lint.yaml
+++ b/.github/workflows/pr-lint.yaml
@@ -1,5 +1,7 @@
 name: PR Quality Check
 on: pull_request
+permissions:
+ pull-requests: write
 jobs:
 link-ticket:
 runs-on: ubuntu-latest
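Review bot: The `permissions:` block added at the top of `pr-lint.yaml` applies to every job in the workflow, and once it is present any scope it does not list is dropped to none for the `GITHUB_TOKEN`. Only the comment step appears to need `pull-requests: write`, so the block would be better placed under `link-ticket:`, with `contents: read` added if any job checks out the repository (the rest of the file is outside this hunk). Patch 6/7 re-adds the same top-level block after patch 5/7 removes it, so the point applies to the final state too.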
@@ -20,10 +22,33 @@ jobs:
 - name: Comment on PR
 if: contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'mesh-') || contains(github.event.pull_request.head.ref, 'MESH-') || contains(github.event.pull_request.head.ref, 'mesh2cloud-') || contains(github.event.pull_request.head.ref, 'MESH2CLOUD-') || contains(github.event.pull_request.head.ref, 'spii-') || contains(github.event.pull_request.head.ref, 'SPII-') || contains(github.event.pull_request.head.ref, 'spinecore-') || contains(github.event.pull_request.head.ref, 'SPINECORE-')
- uses: unsplash/comment-on-pr@master
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ uses: actions/github-script@v7
 with:
- msg: |
- This branch is work on a ticket in the NHS Digital AMB JIRA Project. Here's a handy link to the ticket:
- # [${{ env.TICKET_NAME }}](https://jira.digital.nhs.uk/browse/${{ env.TICKET_NAME}})
+ script: |
+ const owner = context.repo.owner;
+ const repo = context.repo.repo;
+ const issue_number = context.payload.pull_request.number;
+ const ticket = process.env.TICKET_NAME;
+ const message = `This branch is work on a ticket in the NHS Digital AMB JIRA Project. Here's a handy link to the ticket:\n# [${ticket}](https://jira.digital.nhs.uk/browse/${ticket})`;
+
+ const { data: comments } = await github.rest.issues.listComments({
+ owner,
+ repo,
+ issue_number,
+ per_page: 100,
+ });
+
+ const existing = comments.find((comment) =>
+ comment.body && comment.body.includes(`https://jira.digital.nhs.uk/browse/${ticket}`)
+ );
+
+ if (!existing) {
+ await github.rest.issues.createComment({
+ owner,
+ repo,
+ issue_number,
+ body: message,
+ });
+ }
+ env:
+ TICKET_NAME: ${{ env.TICKET_NAME }}
From d6d80aa8d12b00e1448e4b135f15ad6c868bfec8 Mon Sep 17 00:00:00 2001
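Review bot: `uses: actions/github-script@v7` in the `Comment on PR` step of `pr-lint.yaml` is pinned to a mutable tag, while the actions added elsewhere in this series (`dependabot/fetch-metadata`, `hmarr/auto-approve-action`) are pinned to a full commit SHA with the version in a trailing comment. The step runs with a token that has `pull-requests: write`, so pin it the same way: `uses: actions/github-script@<full-commit-sha> # v7`. The same line appears again in patch 7/7. Reading the ticket through `process.env.TICKET_NAME` instead of interpolating `${{ }}` into the script body is worth keeping, since the value is presumably derived from the branch name.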
From: James
Date: Mon, 20 Apr 2026 13:56:50 +0100
Subject: [PATCH 4/7] mesh-2816: revert pr-lint
---
 .github/workflows/pr-lint.yaml | 31 +++----------------------------
 1 file changed, 3 insertions(+), 28 deletions(-)
diff --git a/.github/workflows/pr-lint.yaml b/.github/workflows/pr-lint.yaml
index 45dc5c8..8fdbb29 100644
--- a/.github/workflows/pr-lint.yaml
+++ b/.github/workflows/pr-lint.yaml
@@ -26,31 +26,6 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
- script: |
- const owner = context.repo.owner;
- const repo = context.repo.repo;
- const issue_number = context.payload.pull_request.number;
- const ticket = process.env.TICKET_NAME;
- const message = `This branch is work on a ticket in the NHS Digital AMB JIRA Project. Here's a handy link to the ticket:\n# [${ticket}](https://jira.digital.nhs.uk/browse/${ticket})`;
-
- const { data: comments } = await github.rest.issues.listComments({
- owner,
- repo,
- issue_number,
- per_page: 100,
- });
-
- const existing = comments.find((comment) =>
- comment.body && comment.body.includes(`https://jira.digital.nhs.uk/browse/${ticket}`)
- );
-
- if (!existing) {
- await github.rest.issues.createComment({
- owner,
- repo,
- issue_number,
- body: message,
- });
- }
- env:
- TICKET_NAME: ${{ env.TICKET_NAME }}
+ msg: |
+ This branch is work on a ticket in the NHS Digital AMB JIRA Project. Here's a handy link to the ticket:
+ # [${{ env.TICKET_NAME }}](https://jira.digital.nhs.uk/browse/${{ env.TICKET_NAME}})
From 69b61e123b457e3465c0e575adbbb742ed199460 Mon Sep 17 00:00:00 2001
From: James
Date: Mon, 20 Apr 2026 13:57:26 +0100
Subject: [PATCH 5/7] mesh-2816: revert pr-lint
---
 .github/workflows/pr-lint.yaml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.github/workflows/pr-lint.yaml b/.github/workflows/pr-lint.yaml
index 8fdbb29..4d248a0 100644
--- a/.github/workflows/pr-lint.yaml
+++ b/.github/workflows/pr-lint.yaml
@@ -1,7 +1,5 @@
 name: PR Quality Check
 on: pull_request
-permissions:
- pull-requests: write
 jobs:
 link-ticket:
 runs-on: ubuntu-latest
From 3db55a85818fd665b5d54bb5e9c46ae22482e983 Mon Sep 17 00:00:00 2001
From: James
Date: Mon, 20 Apr 2026 14:00:07 +0100
Subject: [PATCH 6/7] mesh-2816: give pr-lint write
---
 .github/workflows/pr-lint.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/pr-lint.yaml b/.github/workflows/pr-lint.yaml
index 4d248a0..8fdbb29 100644
--- a/.github/workflows/pr-lint.yaml
+++ b/.github/workflows/pr-lint.yaml
@@ -1,5 +1,7 @@
 name: PR Quality Check
 on: pull_request
+permissions:
+ pull-requests: write
 jobs:
 link-ticket:
 runs-on: ubuntu-latest
From 99f24e81f825eacd3449e12201904f2eaf13cfb5 Mon Sep 17 00:00:00 2001
From: James
Date: Wed, 22 Apr 2026 14:48:31 +0100
Subject: [PATCH 7/7] mesh-2816: update failing job
---
 .github/workflows/pr-lint.yaml | 38 ++++++++++++++++++++++++++++------
 1 file changed, 32 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/pr-lint.yaml b/.github/workflows/pr-lint.yaml
index 8fdbb29..f8397d9 100644
--- a/.github/workflows/pr-lint.yaml
+++ b/.github/workflows/pr-lint.yaml
@@ -22,10 +22,36 @@ jobs:
 - name: Comment on PR
 if: contains(github.event.pull_request.head.ref, 'apm-') || contains(github.event.pull_request.head.ref, 'APM-') || contains(github.event.pull_request.head.ref, 'mesh-') || contains(github.event.pull_request.head.ref, 'MESH-') || contains(github.event.pull_request.head.ref, 'mesh2cloud-') || contains(github.event.pull_request.head.ref, 'MESH2CLOUD-') || contains(github.event.pull_request.head.ref, 'spii-') || contains(github.event.pull_request.head.ref, 'SPII-') || contains(github.event.pull_request.head.ref, 'spinecore-') || contains(github.event.pull_request.head.ref, 'SPINECORE-')
- uses: unsplash/comment-on-pr@b5610c6125a7197eaec80072ea35ef53e1fc6035 # v1.3.1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ uses: actions/github-script@v7
 with:
- msg: |
- This branch is work on a ticket in the NHS Digital AMB JIRA Project. Here's a handy link to the ticket:
- # [${{ env.TICKET_NAME }}](https://jira.digital.nhs.uk/browse/${{ env.TICKET_NAME}})
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const marker = '';
+ const body = `${marker}\nThis branch is work on a ticket in the NHS Digital AMB JIRA Project. Here's a handy link to the ticket:\n# [${process.env.TICKET_NAME}](https://jira.digital.nhs.uk/browse/${process.env.TICKET_NAME})`;
+
+ const { data: comments } = await github.rest.issues.listComments({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number,
+ per_page: 100,
+ });
+
+ const existing = comments.find((comment) =>
+ comment.user?.type === 'Bot' && comment.body?.includes(marker)
+ );
+
+ if (existing) {
+ await github.rest.issues.updateComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ comment_id: existing.id,
+ body,
+ });
+ } else {
+ await github.rest.issues.createComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number,
+ body,
+ });
+ }
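Review bot: `const marker = '';` is an empty string as shown here, and `comment.body?.includes('')` is true for every comment that has a body, so `existing` resolves to the first comment by any bot and the step would try to overwrite that one rather than its own earlier comment. If an HTML comment was lost when this page was rendered the code may be fine; otherwise give the marker a value, e.g. `const marker = '<!-- pr-lint-ticket-link -->';` (constructed example), and narrow the author test to `comment.user?.login === 'github-actions[bot]'`. `listComments` is called once with `per_page: 100`, so on a pull request with more than 100 comments the earlier comment can be missed and a duplicate posted.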