+29 -7

.github/dependabot.yml

reviewed

··· 11 11 timezone: 'Asia/Shanghai' 12 12 # Limit the number of open PRs created by Dependabot 13 13 open-pull-requests-limit: 10 14 14 + # Allow automatic merging of non-major version updates 15 15 + allow: 16 16 + - dependency-type: 'all' 17 17 + assignees: 18 18 + - 'the3ash' 14 19 commit-message: 15 15 - # Use 'chore' as the commit message prefix 16 16 - prefix: 'chore' 20 20 + # Use 'deps' for production dependencies, 'dev' for development dependencies 21 21 + prefix: 'deps' 22 22 + prefix-development: 'dev' 17 23 include: 'scope' 18 24 # Labels to add to Dependabot PRs 19 25 labels: ··· 23 29 # Ignore major version updates (breaking changes) 24 30 - dependency-name: '*' 25 31 update-types: ['version-update:semver-major'] 26 26 - allow: 27 27 - # Allow updates for development dependencies 28 28 - - dependency-type: 'development' 29 29 - # Allow updates for direct dependencies 30 30 - - dependency-type: 'direct' 32 32 + versioning-strategy: auto 33 33 + 34 34 + # Enable GitHub Actions updates 35 35 + - package-ecosystem: 'github-actions' 36 36 + directory: '/' 37 37 + schedule: 38 38 + # Check for updates every Monday at 09:00 (Asia/Shanghai) 39 39 + interval: 'weekly' 40 40 + day: 'monday' 41 41 + time: '09:00' 42 42 + timezone: 'Asia/Shanghai' 43 43 + open-pull-requests-limit: 10 44 44 + assignees: 45 45 + - 'the3ash' 46 46 + commit-message: 47 47 + prefix: 'github-actions' 48 48 + include: 'scope' 49 49 + labels: 50 50 + - 'dependencies' 51 51 + - 'automated' 52 52 + - 'github-actions'

+82 -16

.github/workflows/ci.yml

reviewed

··· 5 5 branches: [main, master] 6 6 pull_request: 7 7 branches: [main, master] 8 8 + check_suite: 9 9 + types: [completed] 10 10 + status: {} 11 11 + 12 12 + concurrency: 13 13 + group: ${{ github.workflow }}-${{ github.ref }} 14 14 + cancel-in-progress: true 15 15 + 16 16 + permissions: 17 17 + contents: write 18 18 + pull-requests: write 19 19 + checks: read 8 20 9 21 jobs: 10 10 - # Validate dependencies and build 11 22 validate: 23 23 + name: Validate Code & Build 12 24 runs-on: ubuntu-latest 25 25 + 13 26 steps: 14 27 - name: Checkout code 15 28 uses: actions/checkout@v4 ··· 26 39 cache: 'pnpm' 27 40 28 41 - name: Install dependencies 29 29 - run: pnpm install --frozen-lockfile 42 42 + run: pnpm install --frozen-lockfile --prefer-offline 43 43 + 44 44 + - name: Check formatting (if prettier is available) 45 45 + run: | 46 46 + if [ -f "pnpm-lock.yaml" ] && pnpm list prettier &>/dev/null; then 47 47 + pnpm exec prettier --check . 48 48 + else 49 49 + echo "Prettier not configured, skipping format check" 50 50 + fi 51 51 + continue-on-error: true 52 52 + 53 53 + - name: Run ESLint (if available) 54 54 + run: | 55 55 + if [ -f "pnpm-lock.yaml" ] && pnpm list eslint &>/dev/null; then 56 56 + pnpm exec eslint . 57 57 + else 58 58 + echo "ESLint not configured, skipping lint check" 59 59 + fi 60 60 + continue-on-error: true 30 61 31 62 - name: Run linting 32 63 run: pnpm lint ··· 34 65 - name: Build project 35 66 run: pnpm build 36 67 37 37 - # Auto-merge Dependabot PRs 38 68 auto-merge: 39 39 - if: | 40 40 - github.event_name == 'pull_request' && 41 41 - github.actor == 'dependabot[bot]' && 42 42 - contains(github.event.pull_request.labels.*.name, 'dependencies') 43 43 - needs: validate 69 69 + name: Auto Merge 44 70 runs-on: ubuntu-latest 45 45 - permissions: 46 46 - contents: write 47 47 - pull-requests: write 71 71 + needs: validate 72 72 + if: > 73 73 + github.event_name == 'pull_request' && 74 74 + github.event.pull_request.draft == false && 75 75 + ( 76 76 + github.actor == 'dependabot[bot]' || 77 77 + contains(github.event.pull_request.labels.*.name, 'automerge') 78 78 + ) 79 79 + 48 80 steps: 49 81 - name: Checkout code 50 82 uses: actions/checkout@v4 83 83 + with: 84 84 + token: ${{ secrets.GITHUB_TOKEN }} 51 85 52 52 - - name: Enable auto-merge for Dependabot PRs 53 53 - run: | 54 54 - gh pr merge --auto --squash "${{ github.event.pull_request.number }}" 55 55 - env: 56 56 - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 86 86 + - name: Auto approve Dependabot PRs 87 87 + if: github.actor == 'dependabot[bot]' 88 88 + uses: hmarr/auto-approve-action@v3 89 89 + with: 90 90 + github-token: ${{ secrets.GITHUB_TOKEN }} 91 91 + pull-request-number: ${{ github.event.pull_request.number }} 92 92 + 93 93 + - name: Wait for all checks to complete 94 94 + uses: fountainhead/action-wait-for-check@v1.2.0 95 95 + id: wait-for-checks 96 96 + with: 97 97 + token: ${{ secrets.GITHUB_TOKEN }} 98 98 + checkName: 'Validate Code & Build' 99 99 + ref: ${{ github.event.pull_request.head.sha || github.sha }} 100 100 + timeoutSeconds: 600 101 101 + intervalSeconds: 10 102 102 + 103 103 + - name: Auto merge 104 104 + if: steps.wait-for-checks.outputs.conclusion == 'success' 105 105 + uses: actions/github-script@v7 106 106 + with: 107 107 + github-token: ${{ secrets.GITHUB_TOKEN }} 108 108 + script: | 109 109 + const { data: pullRequest } = await github.rest.pulls.get({ 110 110 + owner: context.repo.owner, 111 111 + repo: context.repo.repo, 112 112 + pull_number: context.issue.number 113 113 + }); 114 114 + 115 115 + await github.rest.pulls.merge({ 116 116 + owner: context.repo.owner, 117 117 + repo: context.repo.repo, 118 118 + pull_number: context.issue.number, 119 119 + merge_method: 'squash', 120 120 + commit_title: pullRequest.title, 121 121 + commit_message: pullRequest.body || '' 122 122 + });