build(deps): Bump the npm_and_yarn group across 1 directory with 2 updates #10
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Auto-approve and merge Dependabot PRs | |
| # Mirrors hofmann-elimination's auto-dependabot workflow: when Dependabot opens a PR, fetch | |
| # its metadata, approve the PR, and enable auto-merge so it lands as soon as CI is green. | |
| # | |
| # Requires two repository settings to be enabled (cannot be configured from a workflow): | |
| # 1. Settings → General → "Allow auto-merge" | |
| # 2. Settings → Actions → General → Workflow permissions → "Allow GitHub Actions to create | |
| # and approve pull requests" | |
| # Without those, this workflow will run but the approve / auto-merge calls fail. | |
| on: pull_request | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| dependabot: | |
| runs-on: ubuntu-latest | |
| if: github.event.pull_request.user.login == 'dependabot[bot]' | |
| steps: | |
| - name: Dependabot metadata | |
| id: metadata | |
| uses: dependabot/fetch-metadata@v3 | |
| with: | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Enable auto-merge | |
| run: gh pr merge --auto --squash --delete-branch "$PR_URL" | |
| env: | |
| PR_URL: ${{ github.event.pull_request.html_url }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Approve PR | |
| run: gh pr review --approve "$PR_URL" | |
| env: | |
| PR_URL: ${{ github.event.pull_request.html_url }} | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |