Skip to content

[iobroker-bot] Setup Auto-Merge for Dependabot PRs #107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ioBroker-Bot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[iobroker-bot] Setup Auto-Merge for Dependabot PRs #107

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 37 additions & 0 deletions .github/auto-merge.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
# Auto-merge configuration for Dependabot PRs
# This file configures which dependency updates should be merged automatically.

# Configure here which dependency updates should be merged automatically.
# The recommended configuration is the following:
- match:
# Merge patch updates for production dependencies
dependency_type: production
update_type: 'semver:patch'
- match:
# Merge patch and minor updates for development dependencies
dependency_type: development
update_type: 'semver:minor'

# The syntax is based on the legacy dependabot v1 automerged_updates syntax, see:
# https://dependabot.com/docs/config-file/#automerged_updates

# IMPORTANT: Hierarchical matching applies:
# - semver:patch → only patch updates (e.g., 1.0.0 → 1.0.1)
# - semver:minor → patch AND minor updates (e.g., 1.0.0 → 1.0.1 or 1.0.0 → 1.1.0)
# - semver:major → patch, minor, AND major updates (all version changes)

# Additional examples:

# Allow all patch updates only (both production and development):
# - match:
# update_type: 'semver:patch'

# Allow patch and minor updates for development dependencies:
# - match:
# dependency_type: development
# update_type: 'semver:minor'

# Allow all updates (patch, minor, and major) for development dependencies:
# - match:
# dependency_type: development
# update_type: 'semver:major'
35 changes: 35 additions & 0 deletions .github/workflows/automerge-dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
# Workflow for auto-merging Dependabot PRs
# This workflow uses the action-automerge-dependabot action to automatically merge
# Dependabot PRs based on the rules defined in .github/auto-merge.yml

name: Auto-Merge Dependabot PRs

on:
# Trigger when a PR is opened or updated
# WARNING: This needs to be run in the PR base, DO NOT build untrusted code in this action
pull_request_target:
types: [opened, synchronize, reopened]

jobs:
auto-merge:
runs-on: ubuntu-latest
# Only run if actor is dependabot
if: github.actor == 'dependabot[bot]'

permissions:
contents: write
pull-requests: write

steps:
- name: Auto-merge Dependabot PRs
uses: iobroker-bot-orga/action-automerge-dependabot@v1
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
# Optional: Path to your auto-merge configuration file
# config-file-path: '.github/auto-merge.yml'
# Optional: Merge method (merge, squash, or rebase)
# merge-method: 'squash'
# Optional: Wait for other checks to complete
# wait-for-checks: 'true'
# Optional: Maximum time to wait for checks in seconds (default: 3600)
# max-wait-time: '3600'