Skip to content

Auto Merge Dependabot PRs #168

Auto Merge Dependabot PRs

Auto Merge Dependabot PRs #168

name: Auto Merge Dependabot PRs
on:
schedule:
# Run daily at 04:00 UTC since dependabot runs at 03:00 UTC
- cron: '0 4 * * *'
workflow_dispatch: # Allow manual trigger
permissions:
contents: write
pull-requests: write
# This workflow uses a GitHub App token to approve and merge Dependabot PRs
# The token is created using the `actions/create-github-app-token` action
# The token is used so that the updates are made by the GitHub App instead of Github Actions
# and will show up as such in the PR comments and history
# In addition, the token is scoped to only the permissions needed for this workflow
# see https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/making-authenticated-api-requests-with-a-github-app-in-a-github-actions-workflow for details
jobs:
auto-merge-dependabot:
runs-on: ubuntu-latest
steps:
# Gets the GitHub App token
- uses: actions/create-github-app-token@v2
id: get-app-token
with:
# required
app-id: ${{ secrets.DEPENDABOT_APP_ID }}
private-key: ${{ secrets.DEPENDABOT_APP_KEY }}
permission-pull-requests: write
permission-contents: write
- name: Checkout code
uses: actions/checkout@v5
with:
token: ${{ steps.get-app-token.outputs.token }}
persist-credentials: false
- name: Setup GitHub CLI
run: |
# GitHub CLI is pre-installed on GitHub-hosted runners
gh --version
- name: Make script executable
run: chmod +x ./dev/auto-approve-dependabot.sh
- name: Run auto approve script
env:
GITHUB_TOKEN: ${{ steps.get-app-token.outputs.token }}
run: ./dev/auto-approve-dependabot.sh ${{ github.repository }}