Skip to content

ci(deps): auto-approve / auto-merge dependencies from dependabot#548

Merged
mwbrooks merged 1 commit intomainfrom
mwbrooks-dependabot-auto-merge
Feb 4, 2026
Merged

ci(deps): auto-approve / auto-merge dependencies from dependabot#548
mwbrooks merged 1 commit intomainfrom
mwbrooks-dependabot-auto-merge

Conversation

@mwbrooks
Copy link
Member

@mwbrooks mwbrooks commented Feb 4, 2026

Summary

Add a GitHub Actions workflow to auto-approve and auto-merge Dependabot pull requests for patch and minor version updates.

This reduces maintenance burden by automatically handling low-risk dependency updates while still requiring manual review for major version bumps.

Repository Settings Required

To enable auto-merge functionality, the following repository settings must be configured:

  • Settings → General → Pull Requests

    • ✅ Allow auto-merge

  • Settings → Branches → main branch protection rule

    • ✅ Require status checks to pass before merging
      • Add required checks: Build, Unit Tests

  • Settings → Actions → General → Workflow permissions

    • ✅ Allow GitHub Actions to create and approve pull requests

Requirements (place an x in each [ ])

@mwbrooks mwbrooks added dependencies Pull requests that update a dependency file semver:patch labels Feb 4, 2026
@mwbrooks mwbrooks requested a review from a team as a code owner February 4, 2026 00:20
@mwbrooks mwbrooks self-assigned this Feb 4, 2026
zimeg
zimeg approved these changes Feb 4, 2026
View reviewed changes
Copy link
Member

@zimeg zimeg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - clean dependabot auto-merge workflow

@codecov
Copy link

codecov bot commented Feb 4, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.90%. Comparing base (68e4523) to head (3d6c2eb).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #548   +/-   ##
=======================================
  Coverage   95.90%   95.90%           
=======================================
  Files          14       14           
  Lines        2686     2686           
=======================================
  Hits         2576     2576           
  Misses        110      110

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@mwbrooks
Copy link
Member Author

mwbrooks commented Feb 4, 2026

Thanks @zimeg for the timely review!

I had to enable the following on this repo:

  • Allow GitHub Actions to create and approve pull requests
  • Required Status Checks
    • Run Tests

My understanding is that merging this PR will not enable auto-approval / auto-merging out-of-the-box because we must manually approve the running of tests on pull requests for external contributors. However, we'll address that in a future PR.

@mwbrooks mwbrooks merged commit 3345d5a into main Feb 4, 2026
9 checks passed
@mwbrooks mwbrooks deleted the mwbrooks-dependabot-auto-merge branch February 4, 2026 03:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zimeg zimeg zimeg approved these changes

Assignees

@mwbrooks mwbrooks

Labels

dependencies Pull requests that update a dependency file semver:patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mwbrooks @zimeg