diff --git a/.github/workflows/auto-approve-dependabot.yml b/.github/workflows/auto-approve-dependabot.yml new file mode 100644 index 0000000000000..5eb14a05c1890 --- /dev/null +++ b/.github/workflows/auto-approve-dependabot.yml @@ -0,0 +1,27 @@ +# Automatically approve PRs made by Dependabot +# +# Written to look at the original author of the PR (instead of the current +# actor) in order to be able to backresolve existing PRs using this action (by +# mass labeling them). Leads to slightly unnecessary spammage of aprovals in a +# PR... +# +# Only does approvals! A different GitHub Action takes care of merging. +name: Auto-approve Dependabot +on: + pull_request: + types: + - labeled + - opened + - ready_for_review + - reopened + - synchronize + - unlabeled + - unlocked +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: hmarr/auto-approve-action@7782c7e2bdf62b4d79bdcded8332808fd2f179cd + if: github.event.pull_request.user.login == 'dependabot[bot]' || github.event.pull_request.user.login == 'dependabot-preview[bot]' + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.mergify.yml b/.mergify.yml index 93d8dd08d7bea..c3c903c5d5f65 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -90,3 +90,25 @@ pull_request_rules: - status-failure=Semantic Pull Request - -merged - -closed + - name: automatic merge of Dependabot PRs + actions: + comment: + message: Thanks Dependabot! + merge: + # 'strict: false' disables Mergify keeping the branch up-to-date from master. + # It's not necessary: Dependabot will do that itself. + # It's not dangerous: GitHub branch protection settings prevent merging stale branches. + strict: false + method: squash + delete_head_branch: {} + conditions: + - -title~=(WIP|wip) + - -label~=(blocked|do-not-merge) + - -merged + - -closed + - author~=dependabot + - "#approved-reviews-by>=1" + - "#changes-requested-reviews-by=0" + - status-success~=AWS CodeBuild us-east-1 + - status-success=Semantic Pull Request + - status-success=mandatory-changes