From: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
Date: Mon, 7 Sep 2020 09:43:49 +0000 (+0200)
Subject: Move to automated dependabot merging
X-Git-Tag: v20.0.0beta4~42^2~1
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=91e463ff007848f88786954d7ccdef2098fe6680;p=nextcloud-server.git

Move to automated dependabot merging

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
---

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000000..ab959ecac6e
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,92 @@
+version: 2
+updates:
+# Linting and coding style
+- package-ecosystem: composer
+  directory: "/"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - "feature: dependencies"
+
+# Main master npm
+- package-ecosystem: npm
+  directory: "/"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - "feature: dependencies"
+
+# Testing master npm
+- package-ecosystem: npm
+  directory: "/build"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - "feature: dependencies"
+
+# Testing master composer
+- package-ecosystem: composer
+  directory: "/build/integration"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - "feature: dependencies"
+
+
+# Main stableXX npm
+- package-ecosystem: npm
+  directory: "/"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  open-pull-requests-limit: 10
+  # Only allow updates to the lockfile
+  versioning-strategy: lockfile-only
+  target-branch:
+  - stable19
+  - stable18
+  - stable17
+  labels:
+  - 3. to review
+  - "feature: dependencies"
+
+# Testing StableXX composer
+- package-ecosystem: composer
+  directory: "/build/integration"
+  schedule:
+    interval: weekly
+    day: saturday
+    time: "03:00"
+    timezone: Europe/Paris
+  open-pull-requests-limit: 10
+  # Only allow updates to the lockfile
+  versioning-strategy: lockfile-only
+  target-branch:
+  - stable19
+  - stable18
+  - stable17
+  labels:
+  - 3. to review
+  - "feature: dependencies"
diff --git a/.github/workflows/dependabot-approve-merge.yml b/.github/workflows/dependabot-approve-merge.yml
new file mode 100644
index 00000000000..201d7f5ebf2
--- /dev/null
+++ b/.github/workflows/dependabot-approve-merge.yml
@@ -0,0 +1,19 @@
+name: Dependabot
+on: pull_request
+
+jobs:
+  auto-merge:
+    runs-on: ubuntu-latest
+    steps:
+      # Default github action approve
+      - uses: hmarr/auto-approve-action@v2.0.0
+        if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      # Nextcloud bot approve and merge request
+      - uses: ahmadnassri/action-dependabot-auto-merge@v1
+        if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
+        with:
+          target: patch
+          github-token: ${{ secrets.DEPENDABOT_AUTOMERGE_TOKEN }}