Auto Merge Dependabot
Automating with GHA
```yaml
name: Dependabot auto-merge
on: pull_request

permissions:
  contents: write
  pull-requests: write

jobs:
  dependabot:
    runs-on: ubuntu-latest
    if: github.actor == 'dependabot[bot]'
    steps:
      - name: Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@v2
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      - name: Enable auto-merge for Dependabot PRs
        run: gh pr merge --auto --merge "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
```
Automate only specific patches based on semver
```yaml
  # This should depend on the backend and frontend builds, then if it is a PR
  # submitted by Dependabot that is a patch it will merge the PR
  close_pr:
    if: github.event_name == 'pull_request' && github.actor == 'dependabot[bot]'
    runs-on: ubuntu-latest
    needs:
      - backend-build
      - frontend-build
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Dependabot metadata
        id: dependabot-metadata
        uses: dependabot/fetch-metadata@v2
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      - name: Merge PR
        if: steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'
        run: gh pr merge --auto --merge "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
```
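An added example (not from the original note or from GitHub's documentation): a shell gate that a `run:` step could call before `gh pr merge`. It goes beyond the `update-type` check above by recomputing the bump from fetch-metadata's `previous-version` and `new-version` outputs and refusing anything that is not a plain X.Y.Z patch increase. The function names `bump_class` and `should_automerge` and the sample versions are assumptions made for illustration.

```shell
# Added example: classify a version bump from Dependabot's previous-version /
# new-version values and fail closed on anything that is not plain X.Y.Z.

# Print "major", "minor", "patch" or "unknown" for a prev -> new bump.
bump_class() {
  prev=${1#v}; new=${2#v}          # tolerate a leading "v" (v1.2.3)
  for v in "$prev" "$new"; do
    case $v in
      *[!0-9.]*|''|.*|*.|*..*) echo unknown; return ;;  # pre-release, empty, malformed
    esac
    case $v in
      *.*.*.*) echo unknown; return ;;                  # more than three parts
      *.*.*) ;;                                         # exactly X.Y.Z
      *) echo unknown; return ;;                        # fewer than three parts
    esac
  done
  old_ifs=$IFS; IFS=.
  set -- $prev $new                # prev is $1.$2.$3, new is $4.$5.$6
  IFS=$old_ifs
  if   [ "$4" -gt "$1" ]; then echo major
  elif [ "$4" -lt "$1" ]; then echo unknown             # downgrade
  elif [ "$5" -gt "$2" ]; then echo minor
  elif [ "$5" -lt "$2" ]; then echo unknown             # downgrade
  elif [ "$6" -gt "$3" ]; then echo patch
  else echo unknown                                     # same version or downgrade
  fi
}

# Exit 0 only when the reported update type and the recomputed class both say "patch".
should_automerge() {
  update_type=$1 prev=$2 new=$3
  [ "$update_type" = "version-update:semver-patch" ] || return 1
  [ "$(bump_class "$prev" "$new")" = "patch" ]
}

# Constructed sample values; in a workflow step they would be passed in through env:
# from the fetch-metadata step outputs (update-type, previous-version, new-version).
if should_automerge "version-update:semver-patch" "4.17.20" "4.17.21"; then
  echo "auto-merge: yes"
else
  echo "auto-merge: no"
fi
```

An empty or unparsable version makes the gate return non-zero, so such a PR is left for manual review.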
Sources:
- https://nicolasiensen.github.io/2022-07-23-automating-dependency-updates-with-dependabot-github-auto-merge-and-github-actions/
- https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions