Automatically merge Dependabot PRs

.github/workflows/build-reusable.yaml

@@ -0,0 +1,92 @@
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+
+name: build-reusable
+
+on:
+  workflow_call:
+
+jobs:
+
+  build:
+
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ macos-latest, ubuntu-latest, windows-latest ]
+
+    steps:
+
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11   # 4.1.1
+        with:
+          # When running on `pull_request` use the PR branch, not the target branch
+          ref: ${{ github.event_name == 'pull_request_target' && github.head_ref || github.ref }}
+
+      - name: Set up Java
+        uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93   # 3.7.0
+        with:
+          distribution: temurin
+          java-version: ${{ inputs.java-version }}
+          java-package: jdk
+          architecture: x64
+          cache: maven
+
+      # We could have used `verify`, but `clean install` is required while generating the build reproducibility report, which is performed in the next step.
+      # For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
+      - name: Build
+        id: build
+        shell: bash
+        run: |
+          ./mvnw \
+            --show-version --batch-mode --errors --no-transfer-progress \
+            -DtrimStackTrace=false \
+            -DinstallAtEnd=true \
+            clean install
+
+      # We upload tests results if the build fails.
+      - name: Upload test results
+        if: failure() && steps.build.conclusion == 'failure'
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32   # 3.1.3
+        with:
+          name: surefire-${{matrix.os}}-${{github.run_number}}-${{github.run_attempt}}
+          path: |
+            **/target/surefire-reports
+            **/target/logs
+
+      # `clean verify artifact:compare` is required to generate the build reproducibility report.
+      # For details, see: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
+      - name: Verify build reproducibility
+        id: reproducibility
+        shell: bash
+        run: |
+          ./mvnw \
+            --show-version --batch-mode --errors --no-transfer-progress \
+            -DskipTests=true \
+            clean verify artifact:compare
+
+      # We reproducibility results if the build fails.
+      - name: Upload reproducibility results
+        if: failure() && steps.reproducibility.conclusion == 'failure'
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32   # 3.1.3
+        with:
+          name: reproducibility-${{matrix.os}}-${{github.run_number}}-${{github.run_attempt}}
+          path: |
+            **/target/bom.xml
+            **/target/*.buildcompare
+            **/target/*.jar
+            **/target/*.zip
+            **/target/reference/*

.github/workflows/build.yaml

@@ -0,0 +1,28 @@
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+name: build
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+permissions: read-all
+
+jobs:
+
+  build:
+    if: github.actor != 'dependabot[bot]'
+    uses: copernik-eu/log4j-plugins/.github/workflows/build-reusable.yaml@main

.github/workflows/merge-dependabot.yaml

@@ -0,0 +1,40 @@
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#
+name: build
+
+on:
+  pull_request_target:
+
+permissions: read-all
+
+jobs:
+
+  build:
+    if: github.repository == 'copernik-eu/log4j-plugins' && github.actor == 'dependabot[bot]'
+    uses: copernik-eu/log4j-plugins/.github/workflows/build-reusable.yaml@main
+
+  merge:
+    needs: build
+
+    steps:
+
+      - name: Fetch metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@c9c4182bf1b97f5224aee3906fd373f6b61b4526   # 1.6.0
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Automatically merge
+        run: |
+          gh pr merge --autor "$PR_URL"