From ea7d516bebfdc52687406699749914b9efdf9a8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Gamez?= Date: Mon, 27 Nov 2023 12:49:35 +0100 Subject: [PATCH] Set up Dependabot with auto-merge --- .github/dependabot.yml | 15 ++++++++++++++ .github/workflows/dependabot-auto-merge.yml | 23 +++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/dependabot-auto-merge.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..6711c24 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates + +version: 2 + +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + commit-message: + include: "scope" + prefix: "github-actions" + open-pull-requests-limit: 10 + labels: + - "dependency" diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 0000000..09d4949 --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yml @@ -0,0 +1,23 @@ +name: "Dependabot auto-merge" + +on: [pull_request_target] # yamllint disable-line rule:truthy + +permissions: + contents: "write" + +jobs: + dependabot: + runs-on: "ubuntu-latest" + if: "${{ github.actor == 'dependabot[bot]' }}" + steps: + - name: "Dependabot metadata" + id: "metadata" + uses: "dependabot/fetch-metadata@v1.6.0" + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + - name: "Enable auto-merge for Dependabot PRs" + if: "${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}" + run: "gh pr merge --auto --merge \"$PR_URL\"" + env: + PR_URL: "${{github.event.pull_request.html_url}}" + GITHUB_TOKEN: "${{secrets.GITHUB_TOKEN}}"