From ab32a9b63d2fe6174561407214407e4dc5e6fd33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakub=20Bedn=C3=A1=C5=99?= Date: Wed, 14 Jan 2026 10:26:24 +0100 Subject: [PATCH] feat: add auto-merge configuration for Dependabot PRs --- .circleci/config.yml | 2 +- .github/dependabot.yml | 5 ++++ .github/workflows/dependabot-auto-merge.yml | 32 +++++++++++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/dependabot-auto-merge.yml diff --git a/.circleci/config.yml b/.circleci/config.yml index ae8fbde..a9c1f7f 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -193,7 +193,7 @@ workflows: matrix: parameters: exe: [ docker-amd64-image, docker-arm64-image ] - python-image: [ << pipeline.parameters.default-python-image >>, "cimg/python:3.9", "cimg/python:3.10", "cimg/python:3.11", "cimg/python:3.12", cimg/python:3.13 ] + python-image: [ << pipeline.parameters.default-python-image >>, "cimg/python:3.9", "cimg/python:3.10", "cimg/python:3.11", "cimg/python:3.12", "cimg/python:3.13" ] - tests-python: requires: - tests-python diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 95b538f..f1a47cd 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,3 +5,8 @@ updates: schedule: interval: "daily" open-pull-requests-limit: 10 + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + open-pull-requests-limit: 10 diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 0000000..f4e7e93 --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yml @@ -0,0 +1,32 @@ +name: Auto-merge Dependabot PRs + +on: + pull_request_target: + types: [opened, reopened, synchronize, ready_for_review, labeled] + +jobs: + automerge: + if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]' + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + checks: read + steps: + - name: Fetch Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v2 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Approve PR + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: gh pr review --approve "$PR_URL" + + - name: Enable auto-merge + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: gh pr merge --auto --squash "$PR_URL"