Update dependabot PR auto-closing job to also lock (github#22021)

* Update auto-closing job to also lock the PR * Follow security best practice using env vars instead of string supplanting * Mark the lock_reason as 'resolved' instead of 'spam' for clarity * Rethrow the error is locking fails to prevent unnecessary swallowing for this non-blocking workflow
Magoslu · Oct 8, 2021 · 245271e · 245271e
1 parent 2ea2e9d
commit 245271e
Showing 1 changed file with 26 additions and 1 deletion.
diff --git a/.github/workflows/automerge-dependencies.yml b/.github/workflows/automerge-dependencies.yml
@@ -52,10 +52,35 @@ jobs:
       }}
     runs-on: ubuntu-latest
     steps:
-      - name: Close and comment on the pull request
+      - name: Close pull request
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_URL: ${{ github.event.pull_request.html_url }}
         run: |
           gh pr close "$PR_URL"
+
+      - name: Comment on the pull request
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_URL: ${{ github.event.pull_request.html_url }}
+        run: |
           gh pr comment "$PR_URL" --body "This dependency update will be handled internally by our engineering team."
+
+      # Because we get far too much spam ;_;
+      - name: Lock conversations
+        uses: actions/github-script@2b34a689ec86a68d8ab9478298f91d5401337b7d
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        with:
+          script: |
+            try {
+              await github.issues.lock({
+                ...context.repo,
+                issue_number: parseInt(process.env.PR_NUMBER, 10),
+                lock_reason: 'resolved'
+              })
+              console.log('Locked the pull request to prevent spam!')
+            } catch (error) {
+              console.error(`Failed to lock the pull request. Error: ${error}`)
+              throw error
+            }