Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-08-07 06:25:32 +01:00
Code Issues Projects Releases Packages Wiki Activity

Use @servo-bot token for approving dependabot PR (#30222)

Browse source 
The default GITHUB_TOKEN is created for 'github-bot' user and has limitations.
Specifically, events generated by this github-bot
cannot trigger additional workflows.

This PR uses fine-grained PAT generated for @servo-bot account with the
permissions scoped to servo/servo repo and grants the
'contents: write' and 'pull_request: write' permissions.

Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
This commit is contained in:
Mukilan Thiyagarajan 2023-08-28 15:06:12 +05:30 committed by GitHub
parent 528d6dfc98
commit 43d4d0103a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

7
.github/workflows/dependabot-pr.yml vendored
View file

@ -2,8 +2,7 @@ name: Approve & merge successful dependabot patch upgrade PRs
on: pull_request on: pull_request
permissions: permissions:
contents: write pull-requests: read
pull-requests: write
jobs: jobs:
dependabot: dependabot:
@ -13,8 +12,6 @@ jobs:
- name: Dependabot metadata - name: Dependabot metadata
id: metadata id: metadata
uses: dependabot/fetch-metadata@v1 uses: dependabot/fetch-metadata@v1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Approve the PR & enable auto-merge - name: Approve the PR & enable auto-merge
if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-patch' }} if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-patch' }}
run: | run: |
@ -22,4 +19,4 @@ jobs:
gh pr merge --auto --merge "$PR_URL" gh pr merge --auto --merge "$PR_URL"
env: env:
PR_URL: ${{github.event.pull_request.html_url}} PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} GH_TOKEN: ${{secrets.SERVO_DEPENDABOT_TOKEN}}