Dependabot
Dependabot
Section titled “Dependabot”version: 2updates: - package-ecosystem: "npm" directory: "/" schedule: interval: "daily" - package-ecosystem: "github-actions" # See documentation for possible values directory: "/" # Location of package manifests schedule: interval: "weekly"Auto merging dependabot
Section titled “Auto merging dependabot”Ensure allow github to create and approvs prs is set Also setup branch protection to block merges on build and test
name: auto-merge-dependabot
on: schedule: - cron: "0 5 * * 1" workflow_dispatch: push: branches: - master pull_request:
permissions: contents: read
jobs: dependabot: runs-on: ubuntu-latest permissions: pull-requests: write contents: write if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request'}} steps: - id: metadata uses: dependabot/fetch-metadata@v2 with: github-token: "${{ secrets.GITHUB_TOKEN }}" - run: | gh pr review --approve "$PR_URL" gh pr merge --squash --auto "$PR_URL" env: PR_URL: ${{github.event.pull_request.html_url}} GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}