ci: restore dependabot rules (#1797)

Restores the dependabot rules in buildkite for the purpose of security fixes which are handled by dependabot still.
This commit is contained in:
James Elliott 2021-03-10 15:53:33 +11:00 committed by GitHub
parent 98b47227ee
commit 1e46ec6c44
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 3 deletions

View File

@ -14,7 +14,7 @@ steps:
if: build.branch != "master" if: build.branch != "master"
- wait: - wait:
if: build.pull_request.repository.fork != true && build.branch !~ /^renovate\/.*/ if: build.pull_request.repository.fork != true && build.branch !~ /^(dependabot|renovate)\/.*/
# Manual intervention by team required to deploy for forked PRs (prevent secret leakage). # Manual intervention by team required to deploy for forked PRs (prevent secret leakage).
- block: "Public fork needs approval" - block: "Public fork needs approval"
@ -32,7 +32,7 @@ steps:
- label: ":rocket: Setup Deployment" - label: ":rocket: Setup Deployment"
command: ".buildkite/deployment.sh | buildkite-agent pipeline upload" command: ".buildkite/deployment.sh | buildkite-agent pipeline upload"
depends_on: ~ depends_on: ~
if: build.branch != "master" && build.branch !~ /^renovate\/.*/ && build.pull_request.repository.fork != true if: build.branch != "master" && build.branch !~ /^(dependabot|renovate)\/.*/ && build.pull_request.repository.fork != true
# Removed dependency optimisation for forked PRs to enforce block step. # Removed dependency optimisation for forked PRs to enforce block step.
- label: ":rocket: Setup Deployment" - label: ":rocket: Setup Deployment"

View File

@ -33,7 +33,7 @@ cat << EOF
EOF EOF
else else
cat << EOF cat << EOF
if: build.branch !~ /^renovate\/.*/ if: build.branch !~ /^(dependabot|renovate)\/.*/
EOF EOF
fi fi
done done

4
.github/probot.js vendored
View File

@ -4,6 +4,10 @@ on('pull_request.opened')
context => context =>
context.payload.pull_request.head.label.slice(0, 9) === 'authelia:' context.payload.pull_request.head.label.slice(0, 9) === 'authelia:'
) )
.filter(
context =>
context.payload.pull_request.head.ref.slice(0, 11) !== 'dependabot/'
)
.filter( .filter(
context => context =>
context.payload.pull_request.head.ref.slice(0, 9) !== 'renovate/' context.payload.pull_request.head.ref.slice(0, 9) !== 'renovate/'