Since Dependabot was acquired by GitHub the native Dependabot auto-merge functionality stopped working, This is a way to re-enable that functionality for a repository.
- Create a Dependabot configuration YAML (look here for the syntax) for your repository in
.github/dependabot.yml
, for example:
version: 2
updates:
- package-ecosystem: npm
directory: "/"
schedule:
interval: monthly
time: "04:00"
open-pull-requests-limit: 10
- Configure the "Merge me!" GitHub Action in your build workflow:
name: 'CICD'
on:
push:
branches:
- master
pull_request:
branches:
- master
jobs:
build_and_test:
...
merge_me:
name: 'Auto-merge dependabot PRs'
needs: build_and_test
runs-on: ubuntu-latest
steps:
- name: 'Merge dependabot PR branch'
uses: ridedott/merge-me-action@master
with:
# If you have branch protection enabled then set a token in your repository secrets
# with sufficient permission and use that: GITHUB_TOKEN: ${{ secrets.TOKEN_DEPENDABOT }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_LOGIN: dependabot[bot]