diff --git a/.github/workflows/code_health_fork.yaml b/.github/workflows/code_health_fork.yaml index bf8c408e..0fa75309 100644 --- a/.github/workflows/code_health_fork.yaml +++ b/.github/workflows/code_health_fork.yaml @@ -10,9 +10,10 @@ permissions: {} jobs: run-tests: name: Run MongoDB tests - if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.head.repo.full_name != github.repository + if: github.event.pull_request.head.repo.full_name != github.repository runs-on: ubuntu-latest steps: + - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - uses: actions/checkout@v4 - uses: actions/setup-node@v4 @@ -29,78 +30,3 @@ jobs: with: name: test-results path: coverage/lcov.info - - run-atlas-tests: - name: Run Atlas tests - if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.head.repo.full_name != github.repository - runs-on: ubuntu-latest - steps: - - uses: GitHubSecurityLab/actions-permissions/monitor@v1 - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version-file: package.json - cache: "npm" - - name: Install dependencies - run: npm ci - - name: Run tests - env: - MDB_MCP_API_CLIENT_ID: ${{ secrets.TEST_ATLAS_CLIENT_ID }} - MDB_MCP_API_CLIENT_SECRET: ${{ secrets.TEST_ATLAS_CLIENT_SECRET }} - MDB_MCP_API_BASE_URL: ${{ vars.TEST_ATLAS_BASE_URL }} - run: npm test -- --testPathIgnorePatterns "tests/integration/tools/mongodb" --testPathIgnorePatterns "tests/integration/[^/]+\.ts" - - name: Upload test results - uses: actions/upload-artifact@v4 - if: always() - with: - name: atlas-test-results - path: coverage/lcov.info - - coverage: - name: Report Coverage - if: always() && github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.head.repo.full_name != github.repository - runs-on: ubuntu-latest - needs: [run-tests, run-atlas-tests] - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version-file: package.json - cache: "npm" - - name: Install dependencies - run: npm ci - - name: Download test results - uses: actions/download-artifact@v4 - with: - name: test-results - path: coverage/mongodb - - name: Download atlas test results - uses: actions/download-artifact@v4 - with: - name: atlas-test-results - path: coverage/atlas - - name: Merge coverage reports - run: | - npx -y lcov-result-merger@5.0.1 "coverage/*/lcov.info" "coverage/lcov.info" - - name: Coveralls GitHub Action - uses: coverallsapp/github-action@v2.3.6 - with: - file: coverage/lcov.info - git-branch: ${{ github.head_ref || github.ref_name }} - git-commit: ${{ github.event.pull_request.head.sha || github.sha }} - - merge-dependabot-pr: - name: Merge Dependabot PR - if: github.event.pull_request.user.login == 'dependabot[bot]' - runs-on: ubuntu-latest - permissions: - pull-requests: write - contents: write - needs: - - coverage - steps: - - name: Enable auto-merge for Dependabot PRs - run: gh pr merge --auto --squash "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml new file mode 100644 index 00000000..f1ffa2f9 --- /dev/null +++ b/.github/workflows/dependabot.yaml @@ -0,0 +1,22 @@ +--- +name: Enable Auto Merge on Dependabot PRs +on: + pull_request: + +permissions: {} + +jobs: + merge-dependabot-pr: + name: Merge Dependabot PR + if: github.event.pull_request.user.login == 'dependabot[bot]' + runs-on: ubuntu-latest + permissions: + pull-requests: write + contents: write + steps: + - uses: GitHubSecurityLab/actions-permissions/monitor@v1 + - name: Enable auto-merge for Dependabot PRs + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}