action.js
'use strict'
const core = require('@actions/core')
const toolkit = require('actions-toolkit')
const packageInfo = require('../package.json')
const { githubClient } = require('./github-client')
const { logInfo, logWarning, logError } = require('./log')
const { getInputs, parseCommaOrSemicolonSeparatedValue } = require('./util')
const { verifyCommits } = require('./verifyCommitSignatures')
const { dependabotAuthor } = require('./getDependabotDetails')
const { updateTypes } = require('./mapUpdateType')
const { updateTypesPriority } = require('./mapUpdateType')
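/**
 * Entry point of the action: approves a Dependabot pull request and, unless
 * configured otherwise, merges it once every gate below has passed.
 *
 * Gates, in order:
 *   1. a pull request is available (event payload or PR_NUMBER);
 *   2. the PR was opened by the Dependabot account;
 *   3. every commit on the PR is authored by the Dependabot account;
 *   4. commit signatures verify (skipped when SKIP_COMMIT_VERIFICATION is set);
 *   5. the update type is recognised and does not exceed TARGET
 *      (skipped when TARGET is the "any" update type);
 *   6. none of the updated dependencies is listed in EXCLUDE_PKGS;
 *   7. the update is not a major bump of this action's own package.
 *
 * Outcomes are reported through the log helpers or core.setFailed; errors
 * thrown inside the try block are turned into a failed run.
 *
 * @param {object} params
 * @param {object} params.github - handed to githubClient together with context
 * @param {object} params.context - workflow context; payload.pull_request is used when present
 * @param {object} params.inputs - raw action inputs, normalised by getInputs
 * @param {object} params.dependabotMetadata - supplies updateType and dependencyNames
 * @returns {Promise<*>} settles when the run has finished or was skipped
 */
module.exports = async function run({
  github,
  context,
  inputs,
  dependabotMetadata,
}) {
  const { updateType } = dependabotMetadata
  const dependencyNames = parseCommaOrSemicolonSeparatedValue(
    dependabotMetadata.dependencyNames
  )

  const {
    MERGE_METHOD,
    EXCLUDE_PKGS,
    MERGE_COMMENT,
    APPROVE_ONLY,
    USE_GITHUB_AUTO_MERGE,
    TARGET,
    PR_NUMBER,
    SKIP_COMMIT_VERIFICATION,
  } = getInputs(inputs)

  try {
    toolkit.logActionRefWarning()

    const { pull_request } = context.payload

    if (!pull_request && !PR_NUMBER) {
      return logError(
        'This action must be used in the context of a Pull Request or with a Pull Request number'
      )
    }

    const client = githubClient(github, context)
    const pr = pull_request || (await client.getPullRequest(PR_NUMBER))

    // Only pull requests opened by the Dependabot account are eligible.
    if (pr.user.login !== dependabotAuthor) {
      return logWarning('Not a dependabot PR, skipping.')
    }

    // A single commit from anyone else (or with no linked author) disqualifies
    // the PR, so changes pushed on top of the bot's branch are never auto-merged.
    const commits = await client.getPullRequestCommits(pr.number)
    const onlyDependabotCommits = commits.every(
      commit => commit.author?.login === dependabotAuthor
    )
    if (!onlyDependabotCommits) {
      return logWarning('PR contains non dependabot commits, skipping.')
    }

    // With SKIP_COMMIT_VERIFICATION set, the login comparisons above are the
    // only authorship checks left before approval.
    if (!SKIP_COMMIT_VERIFICATION) {
      try {
        verifyCommits(commits)
      } catch {
        return logWarning(
          'PR contains invalid dependabot commit signatures, skipping.'
        )
      }
    }

    if (TARGET !== updateTypes.any) {
      const requestedRank = updateTypesPriority.indexOf(updateType)
      const allowedRank = updateTypesPriority.indexOf(TARGET)

      // Fail closed: indexOf yields -1 for a value missing from the priority
      // list, and -1 is never greater than the allowed rank, so a missing or
      // unrecognised update type would otherwise pass the TARGET cap unchecked.
      if (requestedRank === -1) {
        core.setFailed(
          `Cannot determine the semver bump of this update ('${updateType}'), so it cannot be checked against the max allowed '${TARGET}'`
        )
        return
      }

      if (requestedRank > allowedRank) {
        core.setFailed(
          `Semver bump is higher than allowed in TARGET.
Tried to do a '${updateType}' update but the max allowed is '${TARGET}'`
        )
        return
      }
    }

    const changedExcludedPackages = EXCLUDE_PKGS.filter(pkg =>
      dependencyNames.includes(pkg)
    )

    // TODO: Improve error message for excluded packages?
    if (changedExcludedPackages.length > 0) {
      return logInfo(`${changedExcludedPackages.length} package(s) excluded: \
${changedExcludedPackages.join(', ')}. Skipping.`)
    }

    // A major release of this action itself is never merged automatically;
    // the failure message points at the manual upgrade notes instead.
    if (
      dependencyNames.includes(packageInfo.name) &&
      updateType === updateTypes.major
    ) {
      const upgradeMessage = `Cannot automerge ${packageInfo.name} major release.
Read how to upgrade it manually:
https://github.com/fastify/${packageInfo.name}#how-to-upgrade-from-2x-to-new-3x`

      core.setFailed(upgradeMessage)
      return
    }

    // Every gate has passed: approve first, then merge according to the inputs.
    await client.approvePullRequest(pr.number, MERGE_COMMENT)

    if (APPROVE_ONLY) {
      return logInfo(
        'APPROVE_ONLY set, PR was approved but it will not be merged'
      )
    }

    if (USE_GITHUB_AUTO_MERGE) {
      await client.enableAutoMergePullRequest(pr.node_id, MERGE_METHOD)
      return logInfo('USE_GITHUB_AUTO_MERGE set, PR was marked as auto-merge')
    }

    await client.mergePullRequest(pr.number, MERGE_METHOD)
    logInfo('Dependabot merge completed')
  } catch (error) {
    core.setFailed(error.message)
  }
}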