Renovate Terraform #13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Renovate Terraform | |
| on: status | |
| jobs: | |
| collect_details: | |
| name: Collect details | |
| runs-on: ubuntu-latest | |
| outputs: | |
| branch: ${{ steps.event.outputs.branch }} | |
| commit_author: ${{ steps.event.outputs.commit_author }} | |
| context: ${{ steps.event.outputs.context }} | |
| description: ${{ steps.event.outputs.description }} | |
| pr_author: ${{ steps.pr.outputs.pr_author }} | |
| pr_author_is_bot: ${{ steps.pr.outputs.pr_author_is_bot }} | |
| pr_mergeable: ${{ steps.pr.outputs.pr_mergeable }} | |
| pr_number: ${{ steps.pr.outputs.pr_number }} | |
| pr_state: ${{ steps.pr.outputs.pr_state }} | |
| sender: ${{ steps.event.outputs.sender.login }} | |
| state: ${{ steps.event.outputs.state }} | |
| verified: ${{ steps.event.outputs.verified }} | |
| steps: | |
| - name: Obtain token | |
| id: token | |
| uses: tibdex/github-app-token@v1 | |
| with: | |
| app_id: ${{ secrets.RENOVATE_APP_ID }} | |
| private_key: ${{ secrets.RENOVATE_APP_PK }} | |
| - name: Event details | |
| id: event | |
| run: | | |
| echo "branch=${{ github.event.branches[0].name }}" >> $GITHUB_OUTPUT | |
| echo "branch: ${{ github.event.branches[0].name }}" | |
| echo "commit_author=${{ github.event.commit.author.login }}" >> $GITHUB_OUTPUT | |
| echo "commit_author: ${{ github.event.commit.author.login }}" | |
| echo "commit_sha=${{ github.event.sha }}" >> $GITHUB_OUTPUT | |
| echo "commit_sha: ${{ github.event.sha }}" | |
| echo "context=${{ github.event.context }}" >> $GITHUB_OUTPUT | |
| echo "context: ${{ github.event.context }}" | |
| echo "description=${{ github.event.description }}" >> $GITHUB_OUTPUT | |
| echo "description: ${{ github.event.description }}" | |
| echo "sender=${{ github.event.sender.login }}" >> $GITHUB_OUTPUT | |
| echo "sender: ${{ github.event.sender.login }}" | |
| echo "state=${{ github.event.state }}" >> $GITHUB_OUTPUT | |
| echo "state: ${{ github.event.state }}" | |
| echo "verified=${{ github.event.commit.commit.verification.verified }}" >> $GITHUB_OUTPUT | |
| echo "verified: ${{ github.event.commit.commit.verification.verified }}" | |
| - name: Pull request details | |
| id: pr | |
| env: | |
| GITHUB_TOKEN: ${{ steps.token.outputs.token }} | |
| run: | | |
| export PR=$(gh pr list --repo "$GITHUB_REPOSITORY" --author '${{ vars.RENOVATE_USERNAME }}' --json author,mergeable,number,state --search '${{ steps.event.outputs.commit_sha }}') | |
| echo "pr_author=$(echo $PR | jq -r '.[0].author.login')" >> $GITHUB_OUTPUT | |
| echo "pr_author: $(echo $PR | jq -r '.[0].author.login')" | |
| echo "pr_author_is_bot=$(echo $PR | jq -r '.[0].author.is_bot')" >> $GITHUB_OUTPUT | |
| echo "pr_author_is_bot: $(echo $PR | jq -r '.[0].author.is_bot')" | |
| echo "pr_mergeable=$(echo $PR | jq -r '.[0].mergeable')" >> $GITHUB_OUTPUT | |
| echo "pr_mergeable: $(echo $PR | jq -r '.[0].mergeable')" | |
| echo "pr_number=$(echo $PR | jq -r '.[0].number')" >> $GITHUB_OUTPUT | |
| echo "pr_number: $(echo $PR | jq -r '.[0].number')" | |
| echo "pr_state=$(echo $PR | jq -r '.[0].state')" >> $GITHUB_OUTPUT | |
| echo "pr_state: $(echo $PR | jq -r '.[0].state')" | |
| automerge: | |
| name: Auto-merge | |
| runs-on: ubuntu-latest | |
| needs: collect_details | |
| if: >- | |
| startsWith(needs.collect_details.outputs.branch, 'renovate/') && | |
| needs.collect_details.outputs.commit_author == vars.RENOVATE_USERNAME && | |
| needs.collect_details.outputs.context == 'Terraform Cloud/ghalactic/repos' && | |
| needs.collect_details.outputs.description == 'Terraform plan has no changes' && | |
| needs.collect_details.outputs.pr_author == vars.RENOVATE_USERNAME && | |
| needs.collect_details.outputs.pr_author_is_bot == 'false' && | |
| needs.collect_details.outputs.pr_mergeable == 'MERGEABLE' && | |
| needs.collect_details.outputs.pr_state == 'OPEN' && | |
| needs.collect_details.outputs.sender == 'terraform-cloud[bot]' && | |
| needs.collect_details.outputs.state == 'success' && | |
| needs.collect_details.outputs.verified == 'true' | |
| steps: | |
| - run: | | |
| echo 'Auto-merging PR #${{ needs.collect_details.outputs.pr_number }}' |