diff --git a/.gitignore b/.gitignore
index be1b7832..880e3ecf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
node_modules/
.idea
.nyc_output
+.tap/
diff --git a/README.md b/README.md
index 9d409dda..0434bc27 100644
--- a/README.md
+++ b/README.md
@@ -20,24 +20,24 @@ Error: Resource not accessible by integration
## Inputs
-| input | required | default | description |
+| input | required | default | description |
|----------------------------|----------|---------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `github-token` | No | `${{github.token}}` | A GitHub token. |
-| `exclude` | No | | A comma or semicolon separated value of packages that you don't want to auto-merge and would like to manually review to decide whether to upgrade or not. |
-| `approve-only` | No | `false` | If `true`, the PR is only approved but not merged. |
-| `merge-method` | No | `squash` | The merge method you would like to use (squash, merge, rebase). |
-| `merge-comment` | No | `''` | An arbitrary message that you'd like to comment on the PR after it gets auto-merged. This is only useful when you're receiving too much of noise in email and would like to filter mails for PRs that got automatically merged. |
-| `use-github-auto-merge` | No | `false` | If `true`, the PR is marked as auto-merge and will be merged by GitHub when status checks are satisfied.
_NOTE_: This feature only works when all of the following conditions are met.
- The repository enables auto-merge.
- The pull request base must have a branch protection rule.
- The pull request's status checks are not yet satisfied.
Refer to [the official document](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request) about GitHub auto-merge. |
-| `target` | No | `any` | A flag to only auto-merge updates based on Semantic Versioning.
Possible options are: `major, premajor, minor, preminor, patch, prepatch, prerelease, any`.
For more details on how semantic version difference is calculated please see [semver](https://www.npmjs.com/package/semver) package.
If you set a value other than `any`, PRs that are not semantic version compliant are skipped. An example of a non-semantic version is a commit hash when using git submodules. |
-| `pr-number` | No | | A pull request number, only required if triggered from a workflow_dispatch event. Typically this would be triggered by a script running in a separate CI provider. See [Trigger action from workflow_dispatch event](#trigger-action-from-workflow_dispatch-event) example. |
-| `skip-commit-verification` | No | `false` | If `true`, then the action will not expect the commits to have a verification signature. It is required to set this to `true` in GitHub Enterprise Server. |
-| `skip-verification` | No | `false` | If true, the action will not validate the user or the commit verification status |
+| `github-token` | No | `${{github.token}}` | A GitHub token. |
+| `exclude` | No | | A comma or semicolon separated value of packages that you don't want to auto-merge and would like to manually review to decide whether to upgrade or not. |
+| `approve-only` | No | `false` | If `true`, the PR is only approved but not merged. |
+| `merge-method` | No | `squash` | The merge method you would like to use (squash, merge, rebase). |
+| `merge-comment` | No | `''` | An arbitrary message that you'd like to comment on the PR after it gets auto-merged. This is only useful when you're receiving too much of noise in email and would like to filter mails for PRs that got automatically merged. |
+| `use-github-auto-merge` | No | `false` | If `true`, the PR is marked as auto-merge and will be merged by GitHub when status checks are satisfied.
_NOTE_: This feature only works when all of the following conditions are met.
- The repository enables auto-merge.
- The pull request base must have a branch protection rule.
- The pull request's status checks are not yet satisfied.
Refer to [the official document](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/incorporating-changes-from-a-pull-request/automatically-merging-a-pull-request) about GitHub auto-merge. |
+| `target` | No | `any` | A flag to only auto-merge updates based on Semantic Versioning.
Possible options are: `major, premajor, minor, preminor, patch, prepatch, prerelease, any`.
The value of this flag allows for updates for all the matching versions **and lower** with the respect for priority. This means, for example, if the `target` is set to `major` and the update is made to `minor` version the auto-merge will be triggered.
For more details on how semantic version difference is calculated please see [semver](https://www.npmjs.com/package/semver) package.
If you set a value other than `any`, PRs that are not semantic version compliant are skipped. An example of a non-semantic version is a commit hash when using git submodules. |
+| `pr-number` | No | | A pull request number, only required if triggered from a workflow_dispatch event. Typically this would be triggered by a script running in a separate CI provider. See [Trigger action from workflow_dispatch event](#trigger-action-from-workflow_dispatch-event) example. |
+| `skip-commit-verification` | No | `false` | If `true`, then the action will not expect the commits to have a verification signature. It is required to set this to `true` in GitHub Enterprise Server. |
+| `skip-verification` | No | `false` | If true, the action will not validate the user or the commit verification status |
## Output
-| outputs | Description |
+| outputs | Description |
|---------------|---------------|
-| merge_status | The result status of the merge. It can be one of the following: `approved`, `merged`, `merge_failed`, `skipped:commit_verification_failed`, `skipped:not_a_dependabot_pr`, `skipped:cannot_update_major`, `skipped:bump_higher_than_target`, `skipped:packaged_excluded`|
+| merge_status | The result status of the merge. It can be one of the following: `approved`, `merged`, `merge_failed`, `skipped:commit_verification_failed`, `skipped:not_a_dependabot_pr`, `skipped:cannot_update_major`, `skipped:bump_higher_than_target`, `skipped:packaged_excluded` |
## Examples
diff --git a/test/action.test.js b/test/action.test.js
index 4eb017c8..76155ea4 100644
--- a/test/action.test.js
+++ b/test/action.test.js
@@ -774,3 +774,38 @@ tap.test('should forbid when update type is not valid', async () => {
MERGE_STATUS.skippedInvalidVersion
)
})
+
+tap.test('should allow minor when target is major', async () => {
+ const PR_NUMBER = Math.random()
+
+ const { action, stubs } = buildStubbedAction({
+ payload: {
+ pull_request: {
+ number: PR_NUMBER,
+ user: { login: BOT_NAME },
+ },
+ },
+ inputs: {
+ PR_NUMBER,
+ target: 'major',
+ },
+ dependabotMetadata: createDependabotMetadata({
+ updateType: updateTypes.minor,
+ }),
+ })
+
+ await action()
+
+ sinon.assert.calledWithExactly(
+ stubs.logStub.logInfo,
+ 'Dependabot merge completed'
+ )
+ sinon.assert.notCalled(stubs.coreStub.setFailed)
+ sinon.assert.calledOnce(stubs.approveStub)
+ sinon.assert.calledOnce(stubs.mergeStub)
+ sinon.assert.calledWith(
+ stubs.coreStub.setOutput,
+ MERGE_STATUS_KEY,
+ MERGE_STATUS.merged
+ )
+})