Auto Merge Dependabot PRs #26
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Auto Merge Dependabot PRs | |
on: | |
schedule: | |
# Run daily at 04:00 UTC since dependabot runs at 03:00 UTC | |
- cron: '0 4 * * *' | |
workflow_dispatch: # Allow manual trigger | |
permissions: | |
contents: write | |
pull-requests: write | |
# This workflow uses a GitHub App token to approve and merge Dependabot PRs | |
# The token is created using the `actions/create-github-app-token` action | |
# The token is used so that the updates are made by the GitHub App instead of Github Actions | |
# and will show up as such in the PR comments and history | |
# In addition, the token is scoped to only the permissions needed for this workflow | |
# see https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow for details | |
jobs: | |
auto-merge-dependabot: | |
runs-on: ubuntu-latest | |
steps: | |
# Gets the GitHub App token | |
- uses: actions/create-github-app-token@v2 | |
id: get-app-token | |
with: | |
# required | |
app-id: ${{ secrets.DEPENDABOT_APP_ID }} | |
private-key: ${{ secrets.DEPENDABOT_APP_KEY }} | |
permission-pull-requests: write | |
permission-contents: write | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ steps.get-app-token.outputs.token }} | |
persist-credentials: false | |
- name: Setup GitHub CLI | |
run: | | |
# GitHub CLI is pre-installed on GitHub-hosted runners | |
gh --version | |
- name: Run auto approve script | |
env: | |
GITHUB_TOKEN: ${{ steps.get-app-token.outputs.token }} | |
run: ./src/scripts/auto-approve-dependabot.sh ${{ github.repository }} |