Skip to content

Instantly share code, notes, and snippets.

@robvanderleek
Last active December 25, 2020 12:34
Show Gist options
  • Save robvanderleek/0143ca69332ec6ffe50b12d3a7d4fb5e to your computer and use it in GitHub Desktop.
Save robvanderleek/0143ca69332ec6ffe50b12d3a7d4fb5e to your computer and use it in GitHub Desktop.
Auto-merge Dependabot Pull-Requests

Auto-merge Dependabot Pull-Requests

Since Dependabot was acquired by GitHub the native Dependabot auto-merge functionality stopped working, This is a way to re-enable that functionality for a repository.

  1. Create a Dependabot configuration YAML (look here for the syntax) for your repository in .github/dependabot.yml, for example:
version: 2
updates:
- package-ecosystem: npm
  directory: "/"
  schedule:
    interval: monthly
    time: "04:00"
  open-pull-requests-limit: 10
  1. Configure the "Merge me!" GitHub Action in your build workflow:
name: 'CICD'
on:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
jobs:
  build_and_test:
  ...
merge_me:
    name: 'Auto-merge dependabot PRs'
    needs: build_and_test
    runs-on: ubuntu-latest
    steps:
      - name: 'Merge dependabot PR branch'
        uses: ridedott/merge-me-action@master
        with:
          # If you have branch protection enabled then set a token in your repository secrets
          # with sufficient permission and use that: GITHUB_TOKEN: ${{ secrets.TOKEN_DEPENDABOT }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
          GITHUB_LOGIN: dependabot[bot]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment