feat: setup dependabot

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/build-and-push.yml

@@ -8,7 +8,6 @@ on:
       - "Dockerfile"
       - "screeps-cli.js"
       - "screeps-start.js"
-      - "package.json"
       - "package-lock.json"
     tags:
       - "v*.*.*"
@@ -30,6 +29,7 @@ jobs:
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v4
+        if: ${{ github.event_name != 'pull_request' }}
         with:
           github-token: ${{ github.token }}
           flavor: |
@@ -39,20 +39,21 @@ jobs:
             ${{ secrets.DOCKER_HUB_USERNAME }}/screeps-server
           tags: |
             type=edge,branch=main
-            type=ref,event=pr
             type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
             type=sha
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
       - name: Login to DockerHub
         uses: docker/login-action@v3
+        if: ${{ github.event_name != 'pull_request' }}
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
       - name: Build and push
         uses: docker/build-push-action@v5
         with:
           context: .
+          push: ${{ github.event_name != 'pull_request' }}
           build-args: |
             NODE_VERSION=${{ matrix.node }}
           cache-from: type=gha

.github/workflows/dependabot.yml

@@ -0,0 +1,33 @@
+name: Dependabot auto-approve
+on: pull_request_target
+permissions:
+  pull-requests: write
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    # Checking the author will prevent your Action run failing on non-Dependabot PRs
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v1
+      - uses: actions/checkout@v4
+      - name: Enable auto-merge for Dependabot PRs
+        if: ${{
+          contains(steps.dependabot-metadata.outputs.dependency-names, 'screeps') &&
+          contains(fromJSON('["version-update:semver-patch", "version-update:semver-minor"]'), steps.dependabot-metadata.outputs.update-type)
+          }}
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Approve a PR if not already approved
+        run: |
+          gh pr checkout "$PR_URL" # sets the upstream metadata for `gh pr status`
+          if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ];
+          then gh pr review --approve "$PR_URL"
+          else echo "PR already approved, skipping additional approvals to minimize emails/notification noise.";
+          fi
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

Dockerfile

@@ -1,8 +1,4 @@
 ARG NODE_VERSION=10
-# TODO: Specify this in pipeline.
-# Setup pipelines to run on npm hook.
-# Requires proxy...
-ARG SCREEPS_VERSION=latest
 FROM node:${NODE_VERSION}-alpine as screeps
 
 # Install node-gyp dependencies
@@ -14,8 +10,9 @@ RUN --mount=type=cache,target=/etc/apk/cache \
 
 # Install screeps
 WORKDIR /screeps
+COPY package.json package-lock.json ./
 RUN --mount=type=cache,target=/root/.npm \
-  npm install --save-exact "screeps@${SCREEPS_VERSION}" "[email protected]"
+  npm clean-install
 
 # Initialize screeps, similar to `screeps init`
 RUN cp -a /screeps/node_modules/@screeps/launcher/init_dist/.screepsrc ./ && \