From 7f30517054808db188e0d8fa523ba2ed782619be Mon Sep 17 00:00:00 2001 From: trick77 Date: Mon, 22 Jun 2026 06:30:10 +0200 Subject: [PATCH] feat(ci): auto-merge Dependabot patch and minor updates --- .github/workflows/dependabot-auto-merge.yaml | 31 ++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/workflows/dependabot-auto-merge.yaml diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml new file mode 100644 index 0000000..755aa8c --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yaml @@ -0,0 +1,31 @@ +name: Dependabot auto-merge + +# Auto-merges Dependabot PRs once required status checks pass. Gated to patch +# and minor bumps; major bumps are left for manual review. For grouped updates +# (see dependabot.yaml) fetch-metadata reports the highest bump in the batch, +# so a group containing any major update is excluded. +# +# Requires branch protection on the default branch with the repo's PR status +# checks required for `gh pr merge --auto` to have something to wait on. + +on: pull_request_target + +permissions: + contents: write + pull-requests: write + +jobs: + auto-merge: + runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' + steps: + - name: Fetch Dependabot metadata + id: meta + uses: dependabot/fetch-metadata@v2 + + - name: Enable auto-merge for patch and minor updates + if: contains(fromJSON('["version-update:semver-patch", "version-update:semver-minor"]'), steps.meta.outputs.update-type) + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}