Skip to content

chore: Add automerge workflow for dependabot PRs#10

Open
jeswr wants to merge 5 commits intomainfrom
chore/dependabot-automerge
Open

chore: Add automerge workflow for dependabot PRs#10
jeswr wants to merge 5 commits intomainfrom
chore/dependabot-automerge

Conversation

@jeswr
Copy link
Member

@jeswr jeswr commented Mar 12, 2026

Keeps dependabot ticking along

@jeswr jeswr requested review from Copilot and tgra March 12, 2026 14:49
Copilot AI reviewed Mar 12, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a GitHub Actions workflow intended to automatically approve and enable auto-merge for Dependabot pull requests, helping keep dependency updates flowing with less manual intervention.

Changes:

  • Introduces a new pull_request_target workflow that runs only when the PR actor is dependabot[bot]
  • Uses the GitHub CLI to approve the PR and enable auto-merge (squash)

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jeswr
Update .github/workflows/automerge.yml
06de4ef 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings March 12, 2026 14:53
@jeswr
Update .github/workflows/automerge.yml
f21eb2e 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
jeswr and others added 2 commits March 12, 2026 14:54
@jeswr
Update .github/workflows/automerge.yml
55c1650 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@jeswr
Apply suggestion from @Copilot
ad7e428 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Copilot AI reviewed Mar 12, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/automerge.yml
permissions:
contents: write
pull-requests: write
if: github.actor == 'dependabot[bot]'
Copy link

Copilot AI Mar 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using if: github.actor == 'dependabot[bot]' can skip the job on manual re-runs (the actor becomes the human who re-ran the workflow). For pull_request_target, it's more reliable to gate on the PR author, e.g. github.event.pull_request.user.login, so dependabot PRs can still be re-run safely if needed.

Suggested change
if: github.actor == 'dependabot[bot]'
if: github.event.pull_request.user.login == 'dependabot[bot]'

Copilot uses AI. Check for mistakes.
.github/workflows/automerge.yml
Comment on lines +16 to +17
steps:
- run: gh pr review ${{ github.event.pull_request.html_url }} --approve
Copy link

Copilot AI Mar 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The workflow attempts to enable auto-merge before approving the PR (gh pr merge ... --auto runs before gh pr review --approve). If branch protection requires an approval, the merge command will fail and auto-merge won't be enabled. Swap the order so the approval happens first, then enable auto-merge.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@tgra tgra Awaiting requested review from tgra

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jeswr