- Create a
.github/dependabot.yaml
file with the shape:
version: 2
updates:
# For Node/NPM
- package-ecosystem: "npm"
directory: "/"
target-branch: staging
schedule:
interval: "weekly"
labels:
- automerge
# For python/pip packages
- package-ecosystem: "pip"
directory: "/"
target-branch: staging
schedule:
interval: "weekly"
labels:
- automerge
# For all repositories with docker
- package-ecosystem: "docker"
directory: "/"
target-branch: staging
schedule:
interval: "weekly"
labels:
- automerge
The above shows the a superset of a dependabot yaml file - you can list all of the different ecosystems that the repository uses. Ensure that you are only adding what the repo has.
The reason for the automerge
label is to enable our automerge functionality.
The automerge
capability we are adding allows dependabot to automagically merge their update PRs into our staging
branch without manual intervention. This is incredibly useful because developers tend to avoid merging these dependency update PRs themselves and they will build up, and get stale.
To add auto merge:
- Create a
.github/workflows/automerge.yaml
file with the shape:
name: Automerge
on:
pull_request:
types: [opened, synchronize, labeled, reopened]
permissions:
contents: write
pull-requests: write
jobs:
pr:
if: contains(github.event.pull_request.labels.*.name, 'automerge')
runs-on: ubuntu-latest
steps:
- name: Merge PR
run: |
gh pr merge --auto --squash --body="[ci skip]" "$PR_URL"
gh pr review --approve "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- Next, navigate to the
settings
page of the repository and scroll down to the Pull Requests section. If you do not have access to this section, drop a message into DevOps. - Check the box next to the option
Allow auto-merge
- Finally, navigate to
labels
page of the repository. This can be found at the/labels
path or by navigating to theIssues
page and clicking theLabels
button to the right of the filter box. - Select
New Label
and create a label calledautomerge
.
To truly make our workflow simpler, this github workflow allows us to always have visibility of differences between staging
and main
by generating/and continuing to keep up-to-date, a PR from staging to main when differences are found.
- Create a
.github/PROMOTE_TEMPLATE.md
file with the shape:
## Description
<!-- Diff summary - START -->
<!-- Diff summary - END -->
## Commits
<!-- Diff commits - START -->
<!-- Diff commits - END -->
## Modified Files
<!-- Diff files - START -->
<!-- Diff files - END -->
- Create a
.github/workflows/promote.yaml
file with the following contents:
name: Promote Staging
on:
push:
branches: [ staging ]
workflow_dispatch:
concurrency:
group: "promote-staging"
cancel-in-progress: true
jobs:
promote-staging:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Create Pull Request
uses: devops-infra/action-pull-request@v0.4.2
with:
github_token: ${{ secrets.NIO_BOT_TOKEN }}
source_branch: staging
target_branch: main
get_diff: true
template: .github/PROMOTE_TEMPLATE.md
title: "chore: promote staging"
- Add a
CODEOWNERS
file to the root of the repo with the following shape:
* @ndustrialio/devs
Ideally, you should set the @ndustrialio/devs
value above to a group that should commonly be notified of these pull requests. The default value above will notify everyone. Other options are:
@ndustrialio/apps-team
@ndustrialio/paas-team
@ndustrialio/csi
@ndustrialio/graphiti-artists
So choose the one that makes the most sense.
This final step of standards here is branch protection, to ensure that we are not allowing merges when we should not be.
- Navigate to the
settings
page of the repository. If you do not have permissions, reach out to DevOps. - Navigate to the
Branches
tab under Code and automation - Add a branch protection rule for
main
and forstaging
, each with:
- Select "Require a pull request before merging" and select the sub-item "Require approvals" with a value of
1
- Select "Require status checks to pass before merging" and "Require branches to be up to date before merging". From the status checks box, select the name of the CI/testing job.
- Everything else can be left alone