From 316bfa6229da206ae537fa1545293d1237ae75f6 Mon Sep 17 00:00:00 2001 From: Pratyush Sharma <56130065+pratyush618@users.noreply.github.com> Date: Thu, 16 Apr 2026 06:04:44 +0530 Subject: [PATCH] chore(ci): add dependabot auto-merge and dependency grouping - Add workflow to auto-approve and squash-merge minor/patch dependabot PRs after CI passes (major bumps still require manual review) - Group dependencies by ecosystem to reduce PR noise (~4 grouped PRs instead of ~12 individual ones per week) - Remove `dependencies` from stale bot exempt labels so failing dependabot PRs get cleaned up after 59 days of inactivity --- .github/dependabot.yml | 31 ++++++++++++++++---- .github/workflows/dependabot-auto-merge.yml | 32 +++++++++++++++++++++ .github/workflows/stale.yml | 2 +- 3 files changed, 58 insertions(+), 7 deletions(-) create mode 100644 .github/workflows/dependabot-auto-merge.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 086befa..0f13e1b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,21 +1,40 @@ - version: 2 + version: 2 updates: - - package-ecosystem: "cargo" - directory: "/" + - package-ecosystem: "cargo" + directory: "/" schedule: interval: "weekly" - + groups: + rust-minor-patch: + update-types: + - "minor" + - "patch" + - package-ecosystem: "pip" - directory: "/" - schedule: + directory: "/" + schedule: interval: "weekly" + groups: + python-minor-patch: + update-types: + - "minor" + - "patch" - package-ecosystem: "npm" directory: "/docs-site" schedule: interval: "weekly" + groups: + js-minor-patch: + update-types: + - "minor" + - "patch" - package-ecosystem: "github-actions" directory: "/" schedule: interval: "weekly" + groups: + actions-all: + patterns: + - "*" diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 0000000..b98663f --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yml 
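Review bot: None of the four `updates` entries in `.github/dependabot.yml` sets a `cooldown`, so together with the auto-merge workflow added in this commit a minor or patch release can be proposed and merged soon after publication with no human review in between. A `cooldown:` block with `default-days` on each entry (where the ecosystem supports it) gives a bad or compromised release time to be reported and withdrawn before it is picked up; the day count is a policy choice. Separately, `actions-all` uses `patterns: ["*"]` without `update-types`, so major action bumps share a PR with minor and patch ones, and the workflow's semver-major check will presumably hold back the whole group; a short comment on that group saying so would help.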
@@ -0,0 +1,32 @@
+name: Dependabot Auto-Merge
+
+on:
+ pull_request_target:
+ types: [opened, synchronize, reopened]
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ auto-merge:
+ runs-on: ubuntu-latest
+ if: github.actor == 'dependabot[bot]'
+ steps:
+ - name: Fetch Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@v2
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Auto-approve and enable auto-merge
+ if: steps.metadata.outputs.update-type != 'version-update:semver-major'
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ run: |
+ echo "Approving and enabling auto-merge for $PR_URL"
+ echo " Dependency: ${{ steps.metadata.outputs.dependency-names }}"
+ echo " Update type: ${{ steps.metadata.outputs.update-type }}"
+ gh pr review "$PR_URL" --approve
+ gh pr merge "$PR_URL" --auto --squash
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 8ceead6..4543bc0 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -20,7 +20,7 @@ jobs:
 days-before-pr-close: 14
 days-before-issue-stale: 90
 days-before-issue-close: 30
- exempt-pr-labels: 'dependencies,pinned,security,help wanted,good first issue'
+ exempt-pr-labels: 'pinned,security,help wanted,good first issue'
 exempt-issue-labels: 'dependencies,pinned,security,help wanted,good first issue'
 remove-stale-when-updated: true
 operations-per-run: 100
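Review bot: In `.github/workflows/dependabot-auto-merge.yml` the job gate `if: github.actor == 'dependabot[bot]'` checks who triggered the latest event, not who authored the pull request, while under `pull_request_target` the job holds a token with `contents: write` and `pull-requests: write` and goes on to approve and merge. The gate should also require the PR author to be Dependabot, so the approval path is tied to the PR's origin. The last two `echo` lines expand `${{ steps.metadata.outputs.* }}` straight into the shell script; those values are derived from PR content and belong in `env:` as quoted variables, the way `PR_URL` is already handled. `dependabot/fetch-metadata@v2` is a mutable tag in a write-privileged workflow and is better pinned to a full commit SHA. The "after CI passes" promise in the commit message depends on branch protection requiring status checks, which this diff does not show.

```yaml
    # gate on the PR author as well as the triggering actor
    if: github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]'
    # … unchanged: steps, "Fetch Dependabot metadata" name and id …
        uses: dependabot/fetch-metadata@<FULL_COMMIT_SHA>  # v2; placeholder, pin to a reviewed commit
    # … unchanged: with.github-token, second step's name and if …
        env:
          # … unchanged: GH_TOKEN, PR_URL …
          DEP_NAMES: ${{ steps.metadata.outputs.dependency-names }}
          UPDATE_TYPE: ${{ steps.metadata.outputs.update-type }}
        run: |
          # … unchanged: first echo …
          echo " Dependency: $DEP_NAMES"
          echo " Update type: $UPDATE_TYPE"
          # … unchanged: gh pr review, gh pr merge …
```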
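Review bot: Dropping `dependencies` from `exempt-pr-labels` in `.github/workflows/stale.yml` also lets the stale bot close Dependabot security-update PRs whose CI fails, because by default they carry the same `dependencies` label as version updates. The remaining `security` exemption only helps if that label is actually applied to such PRs, which this diff does not show. A comment above the setting would record the assumption, e.g. `# Dependabot security-update PRs stay exempt only if labelled 'security'`, with open Dependabot alerts as the backstop for anything closed unmerged. The step's `with:` block starts outside the hunk.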