AAE-35226 Add reusable workflow for dependabot flow management

atchertchian · atchertchian · commit dc36166b75ab · 2025-10-01T15:11:40.000+02:00
diff --git a/.github/workflows/pr-review-check.yml b/.github/workflows/pr-review-check.yml
@@ -0,0 +1,51 @@
+name: "PR Review check"
+
+on:
+  workflow_call:
+    inputs:
+      github-token:
+        description: >
+          Token used to enable auto-merge, comment on the PR, and change PR milestone/label.
+          This token CANNOT be the default `GITHUB_TOKEN` if auto-merge is set, otherwise the merge of the PR will not trigger a build.
+          Or similarly, if labeled and milestoned events are expected to trigger a new build.
+        required: true
+        type: string
+      trigger-labels:
+        description: JSON object mapping the list of labels that should trigger the validation
+        required: true
+        type: string
+      milestone-name:
+        description: Milestone to set on the PR when validation is triggered
+        required: true
+        type: string
+
+env:
+  DEPENDABOT_CREATOR: 'dependabot[bot]'
+
+permissions:
+  contents: read          # Required to read repository content
+  pull-requests: write    # Required to edit PR (milestones, labels, auto-merge)
+  issues: write          # Required to create comments on PRs
+
+jobs:
+  check:
+    if: github.secret_source != 'None'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Trigger validation on approval
+        if: github.event_name == 'pull_request_review'
+        uses: Alfresco/alfresco-build-tools/.github/actions/github-trigger-approved-pr@c295ecd6ca6b9c473dcada1e0478cdeaba79d5ea # v9.0.0
+        with:
+          creator: ${{ env.DEPENDABOT_CREATOR }}
+          github-token: ${{ inputs.github-token }}
+          milestone-on-approval: ${{ inputs.milestone-name }}
+          auto-merge-on-approval: true
+
+      - name: Trigger validation on labeling, unless token is readonly (dependabot/fork) or milestone
+        if: github.event_name == 'pull_request' && github.event.action == 'labeled' && github.secret_source == 'Actions' && inputs.milestone-name != ''
+        uses: Alfresco/alfresco-build-tools/.github/actions/github-trigger-labeled-pr@c295ecd6ca6b9c473dcada1e0478cdeaba79d5ea # v9.0.0
+        with:
+          github-token: ${{ inputs.github-token }}
+          labels: ${{ inputs.trigger-labels }}
+          milestone: ${{ inputs.milestone-name }}
+          force-trigger: true
