Add Dependabot auto-merge workflow #118
Conversation
github-actions
bot
added
the
part:tooling
There was a problem hiding this comment.
Pull Request Overview
This PR introduces an automated workflow to streamline dependency updates by automatically approving and merging Dependabot pull requests using GitHub Actions.
Key Changes:
- New GitHub Actions workflow that triggers on pull requests from Dependabot
- Configured to use merge commits for maintaining a linear commit history
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| if: github.actor == 'dependabot[bot]' | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Auto-merge Dependabot PR | ||
| uses: ad/dependabot-auto-approve@v1 | ||
| with: | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| merge-method: 'merge' No newline at end of file |
There was a problem hiding this comment.
This workflow auto-merges all Dependabot PRs without any checks. Add a condition to require passing CI checks before merging, such as adding needs: [test] or checking for required status checks to prevent merging broken dependencies.
| - name: Auto-merge Dependabot PR | ||
| uses: ad/dependabot-auto-approve@v1 | ||
| with: | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} |
There was a problem hiding this comment.
The default GITHUB_TOKEN may lack sufficient permissions to approve and merge PRs. Consider using a personal access token (PAT) or GitHub App token with appropriate permissions stored in secrets, such as ${{ secrets.DEPENDABOT_PAT }}.
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| github-token: ${{ secrets.DEPENDABOT_PAT }} |
Marenz
force-pushed
the
add-dependabot-workflow
branch
2 times, most recently
from
56e6feb to
8b84ae6
Compare
Signed-off-by: Mathias L. Baumann <[email protected]>
Marenz
force-pushed
the
add-dependabot-workflow
branch
from
8b84ae6 to
a1ed80d
Compare
1 participant
Summary
mergemethod for clean commit history