1name: Dependabot auto-merge
2on: pull_request
3
4permissions:
5 contents: write
6 pull-requests: write
7
8jobs:
9 dependabot:
10 runs-on: ubuntu-latest
11 if: github.actor == 'dependabot[bot]'
12 steps:
13 - name: Dependabot metadata
14 id: metadata
15 uses: dependabot/fetch-metadata@v1
16
17 - name: Auto-approve all dependabot PRs
18 run: gh pr review --approve "$PR_URL"
19 env:
20 PR_URL: ${{github.event.pull_request.html_url}}
21 GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
22
23 - name: Auto-merge dependabot PRs for development dependencies
24 if: contains(steps.metadata.outputs.dependency-group, 'development-dependencies')
25 run: gh pr merge --auto --rebase "$PR_URL"
26 env:
27 PR_URL: ${{github.event.pull_request.html_url}}
28 GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
29
30 - name: Auto-merge dependabot PRs for go-openapi patches
31 if: contains(steps.metadata.outputs.dependency-group, 'go-openapi-dependencies') && (steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch')
32 run: gh pr merge --auto --rebase "$PR_URL"
33 env:
34 PR_URL: ${{github.event.pull_request.html_url}}
35 GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
36
37 - name: Auto-merge dependabot PRs for golang.org updates
38 if: contains(steps.metadata.outputs.dependency-group, 'golang.org-dependencies')
39 run: gh pr merge --auto --rebase "$PR_URL"
40 env:
41 PR_URL: ${{github.event.pull_request.html_url}}
42 GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
43
View as plain text