enable-auto-merge.yaml
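---
# Sets the auto-merge flag on pull requests opened against main by one
# specific bot account. The single job runs a third-party action with a
# write-scoped GITHUB_TOKEN and does nothing else.
name: Enable auto-merge

"on":
  # The pull_request event always runs with read-only permission, see:
  # https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/
  # However, this workflow needs write permission so it can set the auto-merge flag on the PR.
  # For this reason, the pull_request_target event is used which causes the workflow to be
  # run with read and write access.
  # IMPORTANT: This workflow should never clone, build, etc, based on user provided input, see:
  # https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
  # No step below checks out the repository or reads PR content; keep it that
  # way, because anything run here has access to the write-scoped token.
  pull_request_target:
    types:
      - opened
      - reopened
    branches:
      - main

# Workflow-wide default: read-only contents. Any job that needs more must
# ask for it explicitly, as the job below does.
permissions:
  contents: read

jobs:
  enable-auto-merge:
    runs-on: ubuntu-latest
    # Gate on the PR author (pull_request.user.login), not on github.actor:
    # the actor is whoever triggered the event and can differ from the
    # account that opened the PR. PRs from any other author skip this job.
    if: github.event.pull_request.user.login == 'rh-tap-build-team[bot]'
    # Write access is granted to this job only, overriding the read-only
    # default above.
    # NOTE(review): confirm contents: write is the narrowest scope the action
    # needs to set the auto-merge flag.
    permissions:
      contents: write
    steps:
      # Pinned to a full commit SHA so the code that receives the token cannot
      # change without an edit to this file; the trailing comment names the
      # upstream ref. Review the action's diff before bumping the SHA.
      - uses: alexwilson/enable-github-automerge-action@17a01113b8abbd73ed84d1210e18c6ed2077752b # main
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}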