Skip to content

chore(deps): bump the typescript-toolchain group across 1 directory with 3 updates #173

chore(deps): bump the typescript-toolchain group across 1 directory with 3 updates

chore(deps): bump the typescript-toolchain group across 1 directory with 3 updates #173

name: Dependabot auto-merge
on: pull_request
# Least-privilege default; the auto-merge job escalates to what it needs to
# enable auto-merge on Dependabot PRs.
permissions:
contents: read
jobs:
auto-merge:
# Only act on Dependabot's own PRs.
if: github.actor == 'dependabot[bot]'
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
steps:
- name: Fetch update metadata
id: meta
uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Enable auto-merge for patch & minor updates
if: >-
steps.meta.outputs.update-type == 'version-update:semver-patch' ||
steps.meta.outputs.update-type == 'version-update:semver-minor'
# PR_URL via env (never interpolated into the shell) to avoid injection.
# No approval step: the GITHUB_TOKEN can't approve PRs, and main requires
# status checks (not reviews), so auto-merge just waits on CI then merges.
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh pr merge --auto --squash "$PR_URL"