feat: create dependabot auto-update (#76)

DestroyCom · web-flow · commit b4f68fdf32a7 · 2025-04-02T23:38:29.000+02:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+updates:
+  - package-ecosystem: npm
+    directory: "/"
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
diff --git a/.github/workflows/dependabot_auto_approve.yml b/.github/workflows/dependabot_auto_approve.yml
@@ -0,0 +1,24 @@
+name: Dependabot auto-approve
+on: pull_request_target
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Enable auto-merge for Dependabot PRs for specific dependencies
+        if: ${{ contains(steps.metadata.outputs.dependency-names, '@distube/ytdl-core') || contains(steps.metadata.outputs.dependency-names, '@distube/ytsr') }}
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/dependabot_release.yml b/.github/workflows/dependabot_release.yml
@@ -0,0 +1,25 @@
+name: Trigger Release After Dependabot Merge
+
+on:
+  pull_request:
+    types: [closed]
+    branches:
+      - master
+
+jobs:
+  trigger_release:
+    if: github.event.pull_request.merged == true && github.actor == 'dependabot[bot]' && contains(github.event.pull_request.title, '@distube/')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Wait for other workflows
+        run: sleep 30
+
+      - name: Trigger release workflow
+        uses: peter-evans/repository-dispatch@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          event-type: trigger-release
+          client-payload: '{"source": "dependabot-auto-merge"}'
diff --git a/.github/workflows/deploy_version.yml b/.github/workflows/deploy_version.yml
@@ -5,6 +5,8 @@ on:
     branches:
       - prod
   workflow_dispatch:
+  repository_dispatch:
+    types: [trigger-release]
 
 jobs:
   create_tag:
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "stroygetter",
-  "version": "3.1.0-beta.4",
+  "version": "3.1.0",
   "private": true,
   "scripts": {
     "dev": "next dev",
@@ -11,7 +11,7 @@
     "db:deploy": "npx prisma migrate deploy && npx prisma generate"
   },
   "dependencies": {
-    "@distube/ytdl-core": "^4.16.0",
+    "@distube/ytdl-core": "^4.16.6",
     "@distube/ytsr": "^2.0.4",
     "@ffmpeg-installer/ffmpeg": "^1.1.0",
     "@icons-pack/react-simple-icons": "^10.2.0",
