11name : CI
2-
2+ permissions :
3+ contents : write
4+ pull-requests : write
35on :
46 push :
57 branches :
5052 github_token : ${{ secrets.GITHUB_TOKEN }}
5153 publish_dir : .
5254
55+ dependabot :
56+ name : ' Dependabot'
57+ needs : build # After the E2E and build jobs, if one of them fails, it won't merge the PR.
58+ runs-on : ubuntu-latest
59+ if : ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request'}} # Detect that the PR author is dependabot
60+ steps :
61+ - name : Enable auto-merge for Dependabot PRs
62+ run : gh pr merge --auto --merge "$PR_URL" # Use Github CLI to merge automatically the PR
63+ env :
64+ PR_URL : ${{github.event.pull_request.html_url}}
65+ GITHUB_TOKEN : ${{secrets.GITHUB_TOKEN}}
66+
5367 npm-publish-build :
5468 needs : build
5569 runs-on : ubuntu-latest
@@ -65,14 +79,14 @@ jobs:
6579 run : ' sed -i -E "s/(\"version\": *\"[^\"]+)/\1-${GITHUB_SHA_SHORT}/" package.json'
6680 - name : Disable pre- and post-publish actions
6781 run : ' sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json'
68- - uses : JS-DevTools/npm-publish@v4
82+ - uses : JS-DevTools/npm-publish@v4.1.0
6983 if : github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
7084 with :
7185 token : ${{ secrets.NPM_TOKEN }}
7286 tag : ${{ env.GITHUB_REF_SLUG }}
7387
7488 npm-publish-latest :
75- needs : build
89+ needs : [ build, npm-publish-build]
7690 runs-on : ubuntu-latest
7791 if : github.ref == 'refs/heads/main'
7892 steps :
8498 node-version : 20.x
8599 - name : Disable pre- and post-publish actions
86100 run : ' sed -i -E "s/\"((pre|post)publish)/\"ignore:\1/" package.json'
87- - uses : JS-DevTools/npm-publish@v4
101+ - uses : JS-DevTools/npm-publish@v4.1.0
88102 if : github.actor != 'dependabot[bot]' && github.actor != 'dependabot-preview[bot]'
89103 with :
90104 token : ${{ secrets.NPM_TOKEN }}
0 commit comments