File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -5,13 +5,16 @@ updates:
55 schedule :
66 interval : " weekly"
77 open-pull-requests-limit : 20
8- versioning-strategy : lockfile-only
98 labels :
109 - dependencies
10+ versioning-strategy : widen
1111 groups :
1212 dependencies :
1313 patterns :
1414 - " *"
15+ update-types :
16+ - " minor"
17+ - " patch"
1518 - package-ecosystem : " github-actions"
1619 directory : " /"
1720 schedule :
Original file line number Diff line number Diff line change 1+ name : Dependabot
2+
3+ on : pull_request
4+
5+ permissions :
6+ contents : write
7+ pull-requests : write
8+
9+ jobs :
10+ dependabot-auto-merge :
11+ runs-on : ubuntu-latest
12+ if : github.actor == 'dependabot[bot]'
13+ steps :
14+ - name : Generate Token
15+ uses : actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
16+ id : app-token
17+ with :
18+ app-id : ${{ secrets.BOT_APP_ID }}
19+ private-key : ${{ secrets.BOT_PRIVATE_KEY }}
20+
21+ - name : Dependabot metadata
22+ id : dependabot-metadata
23+ uses : dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0
24+ with :
25+ github-token : " ${{ steps.app-token.outputs.token }}"
26+
27+ - name : Enable auto-merge for Dependabot PRs
28+ if : steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major'
29+ run : |
30+ if [ "$(gh pr status --json reviewDecision -q .currentBranch.reviewDecision)" != "APPROVED" ];
31+ then gh pr review --approve "$PR_URL"
32+ else echo "PR already approved, skipping additional approvals to minimize emails/notification noise.";
33+ fi
34+
35+ gh pr merge --auto --squash "$PR_URL"
36+ env :
37+ PR_URL : ${{ github.event.pull_request.html_url }}
38+ GH_TOKEN : ${{ steps.app-token.outputs.token }}
You can’t perform that action at this time.
0 commit comments