-
-
Notifications
You must be signed in to change notification settings - Fork 3
26 lines (23 loc) · 1.03 KB
/
dependabot.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# https://github.com/dependabot/fetch-metadata
name: dependabot
on: pull_request_target
permissions:
pull-requests: write
contents: write
jobs:
dependabot:
if: github.actor == 'dependabot[bot]'
runs-on: ubuntu-latest
timeout-minutes: 5
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GITHUB_TOKEN: ${{ github.token }}
steps:
# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions#approve-a-pull-request
- name: Approve Dependabot PR
run: gh pr review --approve $PR_URL
# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
- name: Enable auto-merge for Dependabot PR
if: contains(github.event.pull_request.title, 'deps-dev')
# https://cli.github.com/manual/gh_pr_merge
run: gh pr merge --auto --merge $PR_URL