From b10012301f2a245dd000c7012cc37c00a51dd9ed Mon Sep 17 00:00:00 2001 From: Daniel Widgren Date: Wed, 1 Jul 2026 22:14:19 +0200 Subject: [PATCH] ci: auto-merge green dependabot PRs Merge dependabot's github-actions + docker bumps automatically once the CI workflow passes. Runs on CI completion so nothing merges before checks are green. Removes the manual review treadmill for routine bumps. --- .github/workflows/dependabot-automerge.yml | 37 ++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 .github/workflows/dependabot-automerge.yml diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml new file mode 100644 index 0000000..dc9f268 --- /dev/null +++ b/.github/workflows/dependabot-automerge.yml @@ -0,0 +1,37 @@ +name: Dependabot auto-merge + +# Merge a dependabot PR (github-actions + docker bumps) once CI is green. +# Runs on CI completion rather than PR open, so the merge only happens after +# checks pass. Self-contained: no branch protection or repo settings required. + +on: + workflow_run: + workflows: [CI] + types: [completed] + +permissions: + contents: write + pull-requests: write + +jobs: + automerge: + if: >- + github.event.workflow_run.conclusion == 'success' && + github.event.workflow_run.event == 'pull_request' && + github.event.workflow_run.actor.login == 'dependabot[bot]' + runs-on: ubuntu-latest + steps: + - name: Merge the dependabot PR + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + REPO: ${{ github.repository }} + HEAD: ${{ github.event.workflow_run.head_branch }} + run: | + num=$(gh pr list --repo "$REPO" --head "$HEAD" --state open \ + --json number --jq '.[0].number // empty') + if [ -z "$num" ]; then + echo "No open PR for branch $HEAD; nothing to merge." + exit 0 + fi + echo "Merging PR #$num (branch $HEAD)" + gh pr merge "$num" --repo "$REPO" --squash --delete-branch