Skip to content

auto approve should process npm package uupdates #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
simongdavies merged 2 commits into from
Apr 9, 2026
Merged

auto approve should process npm package uupdates #45

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4daf35f
auto approve should process npm package uupdates
simongdavies Apr 9, 2026
4194a31
Update scripts/auto-approve-dependabot.sh
simongdavies Apr 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions scripts/auto-approve-dependabot.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,8 @@ REPO="$1"
echo "Checking for open Dependabot PRs to approve and merge in $REPO..."

# Get all open PRs from dependabot
# We filter so that only PRs that are not from forks and are in branches starting with "dependabot/cargo" are included.
dependabot_prs=$(gh pr list -R "$REPO" --author "dependabot[bot]" --state open --json number,title,reviews,headRepositoryOwner,headRefName | jq --arg repo_owner "$(echo "$REPO" | cut -d'/' -f1)" '[.[] | select(.headRepositoryOwner.login == $repo_owner and (.headRefName | startswith("dependabot/cargo")))]')
# We filter so that only PRs that are not from forks and are in branches starting with "dependabot/cargo" or "dependabot/npm_and_yarn" are included.
dependabot_prs=$(gh pr list -R "$REPO" --author "dependabot[bot]" --state open --json number,title,reviews,headRepositoryOwner,headRefName | jq --arg repo_owner "$(echo "$REPO" | cut -d'/' -f1)" '[.[] | select(.headRepositoryOwner.login == $repo_owner and ((.headRefName | startswith("dependabot/cargo")) or (.headRefName | startswith("dependabot/npm_and_yarn"))))]')
# Exit early if no PRs found
if [ -z "$dependabot_prs" ] || [ "$dependabot_prs" = "[]" ]; then
echo "No open Dependabot PRs found in $REPO"
Expand All @@ -39,16 +39,16 @@ echo "$dependabot_prs" | jq -c '.[]' | while read -r pr; do

# Check if PR only modifies allowed files
pr_files=$(gh pr view "$pr_number" -R "$REPO" --json files)
invalid_files=$(echo "$pr_files" | jq -r '.files[].path' | grep -v -E '(Cargo\.toml|Cargo\.lock)' || true)
invalid_files=$(echo "$pr_files" | jq -r '.files[].path' | grep -v -E '(^|/)(Cargo\.toml|Cargo\.lock|package\.json|package-lock\.json)$' || true)

if [ -n "$invalid_files" ]; then
echo " ❌ PR #$pr_number modifies files that are not allowed for auto-merge:"
printf '%s\n' "$invalid_files" | sed 's/^/ - /'
echo " ℹ️ Only changes to Cargo.toml and Cargo.lock are allowed"
echo " ℹ️ Only changes to Cargo.toml, Cargo.lock, package.json, and package-lock.json are allowed"
continue
fi

echo " ✅ PR #$pr_number only modifies allowed files (Cargo.toml and Cargo.lock)"
echo " ✅ PR #$pr_number only modifies allowed files (Cargo.toml, Cargo.lock, package.json, package-lock.json)"

# First, get detailed PR information including all checks
pr_details=$(gh pr view "$pr_number" -R "$REPO" --json statusCheckRollup,state)
Expand Down
Loading