mirror of
https://github.com/aws-actions/configure-aws-credentials.git
synced 2026-03-12 18:07:10 -04:00
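# Auto-approves pull requests opened by Dependabot in the upstream repository.
# The job assumes an AWS role through OIDC, reads a bot token from AWS Secrets
# Manager, and submits the approving review with that token.
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each action to a full commit SHA (tag kept in a trailing comment)
# prevents a moved tag from running inside a job that holds AWS credentials
# and the bot token.
name: Dependabot auto-approve

on: pull_request

# `id-token: write` lets the job request the OIDC token used for the role
# assumption below.
# NOTE(review): the approval is submitted with the bot token, not the workflow
# token, so `pull-requests: write` may be broader than required - confirm what
# dependabot/fetch-metadata needs before narrowing it.
permissions:
  pull-requests: write
  id-token: write

jobs:
  dependabot:
    runs-on: ubuntu-latest
    # Run only for PRs authored by Dependabot in the upstream repository, so
    # forks and mirrors skip the job.
    # NOTE(review): the author check is about who opened the PR, not who
    # triggered this run. Also requiring `github.actor == 'dependabot[bot]'`
    # would limit approval to runs triggered by Dependabot itself - confirm
    # the intended policy.
    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'aws-actions/configure-aws-credentials' }}
    steps:
      # NOTE(review): no later step reads this step's outputs, so approval is
      # not limited by update type or dependency name. Gate the approve step
      # on `steps.dependabot-metadata.outputs.update-type` if only some bumps
      # should be approved without human review.
      - name: Get Metadata
        id: dependabot-metadata
        uses: dependabot/fetch-metadata@v2

      - uses: actions/checkout@v4
        name: Clone repo

      # Short-lived session (900 seconds); the role ARN is supplied from a
      # repository secret rather than written into the workflow.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-west-2
          role-to-assume: ${{ secrets.SECRETS_AWS_PACKAGING_ROLE_TO_ASSUME }}
          role-duration-seconds: 900
          role-session-name: DependabotSMFetch

      # The `OSDS,` prefix aliases the secret; with `parse-json-secrets` the
      # approve step below reads the resulting OSDS_ACCESS_TOKEN variable.
      # The exported values remain in the job environment for later steps.
      - name: Get bot user token
        uses: aws-actions/aws-secretsmanager-get-secrets@v2
        with:
          parse-json-secrets: true
          secret-ids: |
            OSDS,arn:aws:secretsmanager:us-west-2:206735643321:secret:github-aws-sdk-osds-automation-gebs9n

      # PR_URL is passed through `env` and quoted in the script, so event data
      # is never interpolated into the shell source.
      # The review-decision query uses `--jq`; written as a detached `- q` the
      # filter is not parsed as a flag, the substitution yields no output, and
      # the "already approved" branch can never be taken.
      - name: Approve PR if not already approved
        run: |
          gh pr checkout "$PR_URL"
          if [ "$(gh pr status --json reviewDecision --jq .currentBranch.reviewDecision)" != "APPROVED" ]; then
            gh pr review "$PR_URL" --approve
          else echo "PR already approved"
          fi
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GITHUB_TOKEN: ${{ env.OSDS_ACCESS_TOKEN }}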