mirror of
https://github.com/kevinveenbirkenbach/docker-volume-backup.git
synced 2026-07-17 14:15:13 +00:00
Dependabot opens weekly PRs for the three update surfaces: github-actions (grouped into one PR; the first one also clears the Node 20 deprecation warning on checkout@v4 and upload-artifact@v4), the python base image, and the pip dependencies. A companion workflow enables auto-merge for minor and patch bumps so they land on their own once the required make test check is green; major bumps stay manual. Requires two repo settings: allow auto-merge, and a branch protection rule on main with make test as required status check, which is the gate that keeps auto-merge from landing untested changes. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
30 lines
871 B
YAML
30 lines
871 B
YAML
---
|
|
name: Dependabot auto-merge
|
|
|
|
on: pull_request
|
|
|
|
permissions:
|
|
contents: write
|
|
pull-requests: write
|
|
|
|
jobs:
|
|
auto-merge:
|
|
# Enable auto-merge for minor/patch dependency bumps; majors stay manual.
|
|
# The merge only happens once every required status check (make test) is
|
|
# green, so the CI stays the gate.
|
|
if: github.actor == 'dependabot[bot]'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Fetch dependency metadata
|
|
id: metadata
|
|
uses: dependabot/fetch-metadata@v2
|
|
with:
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Enable auto-merge (minor + patch)
|
|
if: steps.metadata.outputs.update-type != 'version-update:semver-major'
|
|
run: gh pr merge --auto --squash "$PR_URL"
|
|
env:
|
|
PR_URL: ${{ github.event.pull_request.html_url }}
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|