chore: simplify release flow + fix release-guard hook output format #84
Workflow file for this run
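# Enables GitHub auto-merge on Dependabot pull requests. The rules differ per
# package ecosystem: GitHub Actions updates are always queued for merge, Python
# updates only for patch/minor bumps, and Python major bumps get a comment.
name: Dependabot auto-merge

on: pull_request

# Deny every token scope at workflow level; the job opts in to what it needs.
permissions: {}

jobs:
  auto-merge:
    # Require both that Dependabot opened the pull request and that Dependabot
    # triggered this run. `github.actor` alone identifies only who triggered
    # the run, not who authored the PR, so it is not sufficient as the sole
    # gate for a job that holds write permissions.
    if: >-
      github.event.pull_request.user.login == 'dependabot[bot]'
      && github.actor == 'dependabot[bot]'
    runs-on: ubuntu-latest
    permissions:
      contents: write  # merge dependabot PRs
      pull-requests: write  # enable auto-merge + comment on major bumps
    steps:
      - name: Fetch Dependabot metadata
        id: metadata
        # Pinned to a full commit SHA; the trailing comment records the tag.
        uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a  # v2.5.0
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"

      # GitHub Actions deps (CI-only, never shipped to users) — auto-merge all,
      # including major bumps.
      # NOTE(review): a green CI run shows the workflows still work, not that
      # the updated action is trustworthy. Actions run inside CI with whatever
      # token scopes and secrets the calling workflow grants them, so consider
      # whether major bumps should get the same manual review as Python ones.
      # NOTE(review): `--auto` merges once the branch's merge requirements are
      # met; this assumes branch protection makes CI a required check — confirm,
      # otherwise nothing gates the merge.
      - name: Auto-merge GitHub Actions updates
        if: >-
          steps.metadata.outputs.package-ecosystem == 'github_actions'
        # The PR URL reaches the shell through an environment variable rather
        # than being interpolated into the script text.
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: "${{ github.event.pull_request.html_url }}"
          GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

      # Python deps (shipped in wheel) — auto-merge patch and minor only.
      # Major version bumps may have breaking API changes and need manual review.
      - name: Auto-merge Python patch and minor updates
        if: >-
          steps.metadata.outputs.package-ecosystem == 'pip'
          && steps.metadata.outputs.update-type != 'version-update:semver-major'
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: "${{ github.event.pull_request.html_url }}"
          GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

      # Major Python bumps are never queued for merge; leave a comment so a
      # maintainer knows the PR is waiting on them.
      - name: Flag Python major updates for manual review
        if: >-
          steps.metadata.outputs.package-ecosystem == 'pip'
          && steps.metadata.outputs.update-type == 'version-update:semver-major'
        run: gh pr comment "$PR_URL" --body "This is a **major Python dependency update** — requires manual review before merging. CI-only deps (GitHub Actions) are auto-merged regardless of version bump."
        env:
          PR_URL: "${{ github.event.pull_request.html_url }}"
          GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}"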