Skip to content

chore(deps): update dependency semgrep to v1.103.0 #18079

chore(deps): update dependency semgrep to v1.103.0

chore(deps): update dependency semgrep to v1.103.0 #18079

Workflow file for this run

name: Approve
on:
pull_request:
types:
- labeled
- synchronize
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
name: Renovate
permissions:
issues: write
pull-requests: write
actions: write
runs-on: ubuntu-24.04
steps:
- name: Install uniget
uses: uniget-org/uniget-action@v1
with:
prefix: helper
tools: gojq
- name: Test
env:
GITHUB_TOKEN: ${{ secrets.APPROVE_GITHUB_TOKEN }}
PR: ${{ github.event.pull_request.number }}
run: |
set -o errexit -o pipefail
PR_JSON="$(
curl --silent --show-error --fail --header "Authorization: token ${GITHUB_TOKEN}" \
--url "https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls/${PR}" \
| jq --compact-output '.'
)"
if ! jq --raw-output '.labels[].name' <<<"${PR_JSON}" | grep -q "^type/renovate$"; then
echo "PR ${PR} does not have label type/renovate. Skipping"
exit
fi
COMMIT_SHA="$( jq --raw-output '.head.sha' <<<"${PR_JSON}" )"
echo "Latest commit in PR ${PR} is ${COMMIT_SHA}"
REVIEW_ID="$(
curl --silent --show-error --fail --header "Authorization: token ${GITHUB_TOKEN}" \
--url "https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls/${PR}/reviews" \
| jq --raw-output --arg sha "${COMMIT_SHA}" '.[] | select(.state == "APPROVED" and .commit_id == $sha) | .id' \
| xargs echo
)"
if test -n "${REVIEW_ID}"; then
echo "PR ${PR} is already approved (ID ${REVIEW_ID}). Canceling"
curl --silent --show-error --fail --header "Authorization: token ${GITHUB_TOKEN}" \
--request POST \
--url "https://api.github.com/repos/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}/cancel"
fi
echo "Approving PR ${PR}"
NEW_REVIEW_ID="$(
curl --silent --show-error --fail --header "Authorization: token ${GITHUB_TOKEN}" \
--url "https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls/${PR}/reviews" \
--request POST \
--data '{"commit_id": "'${COMMIT_SHA}'", "body": "Auto-approved because label type/renovate is present.", "event": "APPROVE"}' \
| jq --raw-output '.id'
)"
echo "Review ID is ${NEW_REVIEW_ID}"