Update dependabot PR auto-closing job to also lock (#22021)

* Update auto-closing job to also lock the PR * Follow security best practice using env vars instead of string supplanting * Mark the lock_reason as 'resolved' instead of 'spam' for clarity * Rethrow the error is locking fails to prevent unnecessary swallowing for this non-blocking workflow
2026-01-08 03:01:54 -05:00 · 2021-10-08 11:42:41 -05:00
parent 2ea2e9d64d
commit 245271ee36
1 changed files with 26 additions and 1 deletions
--- a/.github/workflows/automerge-dependencies.yml
+++ b/.github/workflows/automerge-dependencies.yml
@@ -52,10 +52,35 @@ jobs:
      }}
    runs-on: ubuntu-latest
    steps:
-      - name: Close and comment on the pull request
+      - name: Close pull request
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: |
          gh pr close "$PR_URL"
+
+      - name: Comment on the pull request
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: |
          gh pr comment "$PR_URL" --body "This dependency update will be handled internally by our engineering team."
+
+      # Because we get far too much spam ;_;
+      - name: Lock conversations
+        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        with:
+          script: |
+            try {
+              await github.issues.lock({
+                ...context.repo,
+                issue_number: parseInt(process.env.PR_NUMBER, 10),
+                lock_reason: 'resolved'
+              })
+              console.log('Locked the pull request to prevent spam!')
+            } catch (error) {
+              console.error(`Failed to lock the pull request. Error: ${error}`)
+              throw error
+            }