feat: Add Dependabot auto-merge workflow #287
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
the
part:tooling
Marenz
force-pushed
the
add-dependabot-workflow
branch
from
155e353 to
f0ca2ac
Compare
llucax
requested changes
Oct 21, 2025
Contributor
llucax
left a comment
llucax
left a comment
There was a problem hiding this comment.
Needs changes to work with protobuf/grpc updates.
Signed-off-by: Mathias L. Baumann <mathias.baumann@frequenz.com>
Marenz
force-pushed
the
add-dependabot-workflow
branch
from
f0ca2ac to
40d9468
Compare
There was a problem hiding this comment.
Pull Request Overview
This PR introduces automated management of Dependabot pull requests through a new GitHub Actions workflow that approves and merges dependency updates automatically.
Key changes:
- Added a GitHub workflow that triggers on all pull requests from Dependabot
- Configured auto-approval and auto-merge for all dependency types using the
ad/dependabot-auto-approve@v1action
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Comment on lines
+13
to
+15
| - uses: ad/dependabot-auto-approve@v1 | ||
| with: | ||
| dependency-type: 'all' |
There was a problem hiding this comment.
Auto-merging all dependency types without validation could introduce breaking changes or security vulnerabilities. Consider restricting auto-merge to patch updates only, or implement additional checks (e.g., test suite passing) before merging.
Suggested change
| - uses: ad/dependabot-auto-approve@v1 | |
| with: | |
| dependency-type: 'all' | |
| - name: Run tests | |
| run: | | |
| npm ci | |
| npm test | |
| - uses: ad/dependabot-auto-approve@v1 | |
| with: | |
| dependency-type: 'production' | |
| update-type: 'version-update:semver-patch' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a GitHub workflow to automatically manage Dependabot pull requests.
This workflow uses the
ad/dependabot-auto-approve@v1GitHub Action, which may need to be explicitly whitelisted in the organization's settings.