A Python script to automatically find and merge open Dependabot pull requests across all your personal repositories and repositories you have write access to. It merges only Dependabot PRs that have passed all required CI checks and are mergeable.
- Scans all repositories with write access for open Dependabot PRs.
- Checks that PRs are mergeable and have passing CI status checks.
- Supports three GitHub merge methods:
merge,squash, andrebase. - Dry-run mode to preview PRs that would be merged without actually merging.
- Option to exclude specific repositories from the scan.
- Handles GitHub API rate limits and errors gracefully.
- Logs actions and errors to a file
dependabot_automerge.log.
- Python 3.7+
- PyGithub
pip install PyGithub- A GitHub personal access token with
repopermissions. Create one at GitHub Developer Settings and set it as an environment variable:
export GITHUB_TOKEN="your_personal_access_token"Run the script with optional arguments:
python script.py [--merge-method {merge,squash,rebase}] [--dry-run] [--exclude-repos repo1 repo2 ...]| Argument | Description | Default |
|---|---|---|
--merge-method |
Merge strategy to use: merge, squash, or rebase |
squash |
--dry-run |
Show which PRs would be merged without merging them | False |
--exclude-repos |
Space-separated list of repository names to exclude | None |
Merge Dependabot PRs in all repos using squash method, excluding a repo called test-repo:
python script.py --merge-method squash --exclude-repos test-repoPreview what would be merged (dry run):
python script.py --dry-runAll actions and errors are logged to dependabot_automerge.log in the script directory.
Use this script at your own risk. It assumes you trust Dependabot PRs and that your CI checks are correctly configured.
Max Base
MIT License © 2025 Max Base
See LICENSE for details.