Merge pull request #1589 from GSA/dependabot_fix

enable dependabot auto-merge magic
2026-01-02 22:20:44 -05:00 · 2025-03-12 13:53:29 -07:00
parent 8fbfdad20f 2c76d267c6
commit 0b37f7e100
2 changed files with 47 additions and 0 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,3 +9,5 @@ updates:
    directory: "/" # Location of package manifests
    schedule:
      interval: "daily"
+    labels:
+      - "dependabot" # Custom label to identify Dependabot PRs
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,45 @@
+# TODO
+# repo->Settings->Pull Requests->Check "Allow auto-merge"
+# Settings-Branches->Add/Edit branch protection rule for main:
+    # Check "Require status checks to pass before merging" and select build workflow (CI pipelilne name like 'build') to make sure PR only merges when it passes
+
+name: Dependabot Auto-Merge
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+
+  permissions:
+    pull-requests: write # To approve PRs
+    contents: write # to merge PRs
+
+  jobs:
+    auto-merge:
+      runs-on: ubuntu-latest
+      if: github.actor == 'dependabot[bot]' # Only dependabot PRs
+      steps:
+        - name: Checkout repo
+          users: actions/checkout@v4
+
+        - name: Fetch Dependabot metadata
+          id: metadata
+          uses: dependabot/fetch-metadata@v2
+          with:
+            github-token: ${{ secrets.GITHUB_TOKEN }}
+
+        # - name: Approve minor updates
+        #   if: steps.metadata.outputs.update-type == 'version-update:semver-minor'
+        #   run: |
+        #     gh pr review "$PR_URL" --approve -b "Auto-approved minor update"
+        #   env:
+        #     PR_URL: ${{ github.event.pull_request.html_url }}
+        #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+        # use admin to bypass the need for approval, human PRs still need two approvals
+        - name: Enable auto-merge for minor updates
+          if: steps.metadata.outputs.update-type == 'version-update:semver-minor'
+          run: |
+            gh pr merge --squash --admin "$PR_URL"
+          env:
+            PR_URL: ${{ github.event.pull_request.html_url }}
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}