Deployment Auto-Approver #451
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deployment Auto-Approver | |
# using triggers for every deployment and allowed manually | |
# docs on these triggers: | |
on: | |
# allows manually triggering (see https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch) | |
workflow_dispatch: | |
schedule: | |
# 08:30 UTC daily (see https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule) | |
- cron: "30 08 * * *" | |
# the only problem with the 'deployment' trigger is that dependabot PRs are considered from forked repos and the token doesn't have permission to approve (see https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#deployment) | |
# deployment: | |
jobs: | |
auto_approve: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Auto Approve Deploys | |
uses: activescott/automate-environment-deployment-approval@main | |
with: | |
github_token: ${{ secrets.GH_TOKEN_FOR_AUTO_APPROVING_DEPLOYS }} | |
environment_allow_list: | | |
aws | |
# e.g. "dependabot[bot]" | |
actor_allow_list: | | |
dependabot[bot] | |
activescott |