From 245271ee36f491f8b0ec4290649e674c06fcfbcf Mon Sep 17 00:00:00 2001
From: "James M. Greene"
Date: Fri, 8 Oct 2021 11:42:41 -0500
Subject: [PATCH] Update dependabot PR auto-closing job to also lock (#22021)
* Update auto-closing job to also lock the PR
* Follow security best practice using env vars instead of string supplanting
* Mark the lock_reason as 'resolved' instead of 'spam' for clarity
* Rethrow the error is locking fails to prevent unnecessary swallowing for this non-blocking workflow
---
 .github/workflows/automerge-dependencies.yml | 27 +++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/automerge-dependencies.yml b/.github/workflows/automerge-dependencies.yml
index 7a15b9aaf9..360c1ab9ef 100644
--- a/.github/workflows/automerge-dependencies.yml
+++ b/.github/workflows/automerge-dependencies.yml
@@ -52,10 +52,35 @@ jobs:
 }}
 runs-on: ubuntu-latest
 steps:
- - name: Close and comment on the pull request
+ - name: Close pull request
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 PR_URL: ${{ github.event.pull_request.html_url }}
 run: |
 gh pr close "$PR_URL"
+
+ - name: Comment on the pull request
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ run: |
 gh pr comment "$PR_URL" --body "This dependency update will be handled internally by our engineering team."
+
+ # Because we get far too much spam ;_;
+ - name: Lock conversations
+ uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+ env:
+ PR_NUMBER: ${{ github.event.pull_request.number }}
+ with:
+ script: |
+ try {
+ await github.issues.lock({
+ ...context.repo,
+ issue_number: parseInt(process.env.PR_NUMBER, 10),
+ lock_reason: 'resolved'
+ })
+ console.log('Locked the pull request to prevent spam!')
+ } catch (error) {
+ console.error(`Failed to lock the pull request. Error: ${error}`)
+ throw error
+ }
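Review bot: The new `Lock conversations` step calls `github.issues.lock` with the job's default token, and nothing in the hunk limits what that token may do; the job header, its trigger and any `permissions:` block sit above the hunk, so this may already be handled there. If it is not, a job-level `permissions:` entry of `pull-requests: write` (adding `issues: write` only if the lock call turns out to need it) would restrict a workflow that appears to act on externally opened pull requests to the three writes it performs. The `actions/github-script` reference is pinned to a full commit SHA, which is the right choice, but nothing records which release that SHA corresponds to; a trailing comment such as `# <release tag for this SHA>` would let a reviewer verify the pin and notice when it goes stale. Because the script relies on the `github.issues` namespace, that same comment would also make it easier to confirm the namespace is still available whenever the pin is moved.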