chore: remove mergify (#1196)

* feat: autoapprove dependabot PRs without mergify * chore: remove mergify * fix: approve dependabot PRs as OSDS bot
2026-03-12 18:07:10 -04:00 · 2024-11-05 15:55:23 -08:00
parent b47a85173f
commit 16ffc4e9d9
4 changed files with 71 additions and 46 deletions
--- a/.github/workflows/automerge-approved-prs.yml
+++ b/.github/workflows/automerge-approved-prs.yml
@@ -0,0 +1,34 @@
+on:
+  pull_request_review:
+    types: submitted
+
+jobs:
+  approved_pr:
+    name: Automerge approved PRs
+    permissions:
+      contents: write
+      pull-requests: write
+    if: >-
+      github.event.review.state == 'approved' &&
+      github.event.repository == 'aws/configure-aws-credentials' &&
+      (github.event.review.author_association == 'OWNER' || github.event.review.user.login == 'aws-sdk-osds')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-west-2
+          role-to-assume: ${{ secrets.SECRETS_AWS_PACKAGING_ROLE_TO_ASSUME }}
+          role-duration-seconds: 900
+          role-session-name: SecretsManagerFetch
+      - name: Get bot user token
+        uses: aws-actions/aws-secretsmanager-get-secrets@v2
+        with:
+          parse-json-secrets: true
+          secret-ids: |
+            OSDS,arn:aws:secretsmanager:us-west-2:206735643321:secret:github-aws-sdk-osds-automation-gebs9n
+      - name: Enable PR automerge
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ env.OSDS_ACCESS_TOKEN }}
--- a/.github/workflows/dependabot-autoapprove.yml
+++ b/.github/workflows/dependabot-autoapprove.yml
@@ -0,0 +1,37 @@
+name: Dependabot auto-approve
+on: pull_request
+permissions:
+  pull-requests: write
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'aws/configure-aws-credentials'
+    steps:
+      - name: Get Metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v2
+      - uses: actions/checkout@v4
+        name: Clone repo
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-west-2
+          role-to-assume: ${{ secrets.SECRETS_AWS_PACKAGING_ROLE_TO_ASSUME }}
+          role-duration-seconds: 900
+          role-session-name: SecretsManagerFetch
+      - name: Get bot user token
+        uses: aws-actions/aws-secretsmanager-get-secrets@v2
+        with:
+          parse-json-secrets: true
+          secret-ids: |
+            OSDS,arn:aws:secretsmanager:us-west-2:206735643321:secret:github-aws-sdk-osds-automation-gebs9n
+      - name: Approve PR if not already approved
+        run: |
+          gh pr checkout "$PR_URL"
+          if [ "$(gh pr status --json reviewDecision - q .currentBranch.reviewDecision)" != "APPROVED" ]; then
+            gh pr review "$PR_URL" --approve
+          else echo "PR already approved"
+          fi
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GITHUB_TOKEN: ${{ env.OSDS_ACCESS_TOKEN }}
--- a/.github/workflows/package-dist.yml
+++ b/.github/workflows/package-dist.yml
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -1,46 +0,0 @@
-queue_rules:
-  - name: default
-    conditions:
-      # Conditions to merge a queued PR
-      - check-success=Run unit tests (windows-latest)
-      - check-success=Run unit tests (ubuntu-latest)
-      - check-success=Run unit tests (macos-latest)
-      - "#approved-reviews-by>=1"
-      - -approved-reviews-by~=author
-
-pull_request_rules:
-  - name: Automatically merge on CI success and review approval
-    conditions:
-      - base~=main|integ-tests
-      - "#approved-reviews-by>=1"
-      - -approved-reviews-by~=author
-      - check-success=Run unit tests (windows-latest)
-      - check-success=Run unit tests (ubuntu-latest)
-      - check-success=Run unit tests (macos-latest)
-      - label!=work-in-progress
-      - -title~=(WIP|wip)
-      - -merged
-      - -closed
-      - author!=dependabot[bot]
-    actions:
-      queue:
-        method: squash
-        name: default
-
-  - name: Automatically approve and merge Dependabot PRs
-    conditions:
-      - base~=main
-      - author=dependabot[bot]
-      - check-success=Run unit tests (windows-latest)
-      - check-success=Run unit tests (ubuntu-latest)
-      - check-success=Run unit tests (macos-latest)
-      - -title~=(WIP|wip)
-      - -label~=(blocked|do-not-merge)
-      - -merged
-      - -closed
-    actions:
-      review:
-        type: APPROVE
-      queue:
-        method: squash
-        name: default