Skip to content

Store the registered credential in the test server. #152

Store the registered credential in the test server.

Store the registered credential in the test server. #152

Workflow file for this run

name: Auto-approve and merge Dependabot PRs
# Mirrors hofmann-elimination's auto-dependabot workflow: when Dependabot opens a PR, fetch
# its metadata, approve the PR, and enable auto-merge so it lands as soon as CI is green.
#
# Requires two repository settings to be enabled (cannot be configured from a workflow):
# 1. Settings → General → "Allow auto-merge"
# 2. Settings → Actions → General → Workflow permissions → "Allow GitHub Actions to create
# and approve pull requests"
# Without those, this workflow will run but the approve / auto-merge calls fail.
on: pull_request
permissions:
contents: write
pull-requests: write
jobs:
dependabot:
runs-on: ubuntu-latest
if: github.event.pull_request.user.login == 'dependabot[bot]'
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
# Only auto-merge low-risk bumps. Major version bumps — and any GitHub Actions
# update (a privileged supply-chain surface) — require human review, because a
# green CI run does not establish that a newly published dependency is trustworthy.
- name: Enable auto-merge
if: |
(steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
steps.metadata.outputs.update-type == 'version-update:semver-minor') &&
steps.metadata.outputs.package-ecosystem != 'github-actions'
run: gh pr merge --auto --squash --delete-branch "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Approve PR
if: |
(steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
steps.metadata.outputs.update-type == 'version-update:semver-minor') &&
steps.metadata.outputs.package-ecosystem != 'github-actions'
run: gh pr review --approve "$PR_URL"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}