Use Renovate Github App instead of Dependabot (drasi-project#240)

amansinghoriginal · ruokun-niu · commit b314f6b1f86b · 2025-06-20T10:00:55.000-07:00
* Use Renovate Github App instead of Dependabot

Signed-off-by: ruokun-niu &lt;ruokunniu@gmail.com&gt;
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -0,0 +1,39 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base"
+  ],
+  "schedule": ["before 8am on monday"],
+  "timezone": "America/Los_Angeles",
+  "prConcurrentLimit": 10,
+  "dependencyDashboard": true,
+  "vulnerabilityAlerts": {
+    "enabled": true,
+    "labels": ["security", "vulnerability"]
+  },
+  "packageRules": [
+    {
+      "description": "Group stable patch updates for potential automerge",
+      "matchUpdateTypes": ["patch"],
+      "minimumReleaseAge": "7 days",
+      "automerge": false,
+      "platformAutomerge": false,
+      "addLabels": ["automerge-patch-candidate"],
+      "groupName": "Safe Patch Updates"
+    },
+    {
+      "description": "Group stable minor updates for potential automerge",
+      "matchUpdateTypes": ["minor"],
+      "minimumReleaseAge": "14 days",
+      "automerge": false,
+      "platformAutomerge": false,
+      "addLabels": ["automerge-minor-candidate"],
+      "groupName": "Safe Minor Updates"
+    },
+    {
+      "description": "Require dashboard approval for major updates, create separate PRs",
+      "matchUpdateTypes": ["major"],
+      "dependencyDashboardApproval": true
+    }
+  ]
+}
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
@@ -0,0 +1,97 @@
+name: Automerge Renovate PRs
+
+on:
+  schedule:
+    # Runs at 12:00 PM Pacific Time on Wednesdays.
+    - cron: '0 19 * * 3'
+  workflow_dispatch: # Allows manual triggering
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  automerge:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Automerge PRs
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const owner = context.repo.owner;
+            const repo = context.repo.repo;
+            const now = new Date();
+
+            async function processPRs(label, daysToWait, mergeMethod = 'squash') {
+              console.log(`\n--- Processing PRs with label: ${label}, waiting ${daysToWait} days ---`);
+              const { data: prs } = await github.rest.pulls.list({
+                owner,
+                repo,
+                state: 'open',
+                per_page: 10,
+              });
+
+              let foundPrsWithLabel = 0;
+
+              for (const pr of prs) {
+                if (!pr.labels.find(l => l.name === label)) {
+                  continue;
+                }
+                foundPrsWithLabel++;
+                console.log(`\nProcessing PR #${pr.number} ('${pr.title}')`);
+
+                const createdAt = new Date(pr.created_at);
+                const ageInMilliseconds = now - createdAt;
+                const requiredAgeInMilliseconds = daysToWait * 24 * 60 * 60 * 1000;
+
+                if (ageInMilliseconds < requiredAgeInMilliseconds) {
+                  const ageHours = Math.floor(ageInMilliseconds / (1000 * 60 * 60));
+                  const requiredHours = daysToWait * 24;
+                  console.log(`  PR #${pr.number} is too new. Age: ${ageHours} hours. Required: ${requiredHours} hours (${daysToWait} days).`);
+                  continue;
+                }
+                console.log(`  PR #${pr.number} is old enough.`);
+
+                // Check CI status using combined status for the PR's head commit
+                const { data: status } = await github.rest.repos.getCombinedStatusForRef({
+                  owner,
+                  repo,
+                  ref: pr.head.sha,
+                });
+
+                if (status.state !== 'success') {
+                  console.log(`  PR #${pr.number} CI status is '${status.state}' (not 'success'). Skipping merge.`);
+                  continue;
+                }
+                console.log(`  PR #${pr.number} CI status is 'success'.`);
+
+                // Attempt to merge
+                try {
+                  console.log(`  Attempting to merge PR #${pr.number} with method '${mergeMethod}'...`);
+                  await github.rest.pulls.merge({
+                    owner,
+                    repo,
+                    pull_number: pr.number,
+                    merge_method: mergeMethod,
+                  });
+                  console.log(`  Successfully merged PR #${pr.number}.`);
+                } catch (error) {
+                  console.error(`  Failed to merge PR #${pr.number}: ${error.message}`);
+                  if (error.response && error.response.data) {
+                    console.error(`  Error details: ${JSON.stringify(error.response.data, null, 2)}`);
+                  }
+                }
+              }
+              if (foundPrsWithLabel === 0) {
+                console.log(`No open PRs found with label '${label}'.`);
+              }
+            }
+
+            console.log("Starting automerge workflow...");
+            await processPRs("automerge-patch-candidate", 3, 'squash'); // Patches wait 3 days
+            await processPRs("automerge-minor-candidate", 10, 'squash'); // Minors wait 10 days
+            console.log("Automerge workflow finished.");
