Skip to content

ci: auto-merge Dependabot PRs#59

Merged
Solvely-Colin merged 1 commit into
mainfrom
ci/dependabot-automerge
Feb 19, 2026
Merged

ci: auto-merge Dependabot PRs#59
Solvely-Colin merged 1 commit into
mainfrom
ci/dependabot-automerge

Conversation

@Solvely-Colin

@Solvely-Colin Solvely-Colin commented Feb 19, 2026

Copy link
Copy Markdown
Owner

What this does

Adds a GitHub Actions workflow that automatically handles Dependabot PRs:

  • Auto-approves and auto-merges (squash) patch and minor dependency updates once CI passes
  • Flags major version bumps with a comment and major-update label for manual review — no auto-merge

How it works

  1. Triggers on any pull_request event from dependabot[bot]
  2. Uses dependabot/fetch-metadata to detect the semver update type
  3. For patch/minor: approves the PR and enables GitHub's auto-merge (squash)
  4. For major: adds a warning comment and skips auto-merge

Requirements

  • Auto-merge must be enabled in the repo settings (Settings → General → Allow auto-merge)
  • Branch protection rules with required status checks will gate the merge

Safety

  • Major version bumps are never auto-merged
  • All updates still must pass CI before merging
  • Uses only the default GITHUB_TOKEN — no PATs needed

@Solvely-Colin Solvely-Colin merged commit 34f1c0d into main Feb 19, 2026
13 checks passed
@Solvely-Colin Solvely-Colin deleted the ci/dependabot-automerge branch February 19, 2026 01:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Solvely-Colin