This post goes over how to auto-merge Dependabot PRs.
Prerequisite
Create a workflow that runs on pull_request_target and has the following permissions:
# .github/workflows/auto-merge-dependabot-pr.yml
on: pull_request_target
permissions:
  contents: write
  pull-requests: write
Auto-Merge
Create a job that checks if the user is Dependabot and auto-merges the pull request with GitHub CLI:
jobs:
  auto-merge-dependabot-pr:
    if: github.actor == 'dependabot[bot]'
    runs-on: ubuntu-latest
    steps:
      - name: Auto-merge Dependabot PR
        run: gh pr merge --auto --merge ${{ github.event.pull_request.html_url }}
        env:
          GITHUB_TOKEN: ${{ github.token }}
Make sure to allow auto-merge in your GitHub repository settings or else you will get an error.
You can restrict merging to only pull requests that have deps-dev in the title:
- name: Auto-merge Dependabot PR
+ if: contains(github.event.pull_request.title, 'deps-dev')
run: gh pr merge --auto --merge ${{ github.event.pull_request.html_url }}
Approve
If you enabled the branch protection that requires at least 1 approval before merging, then make the bot approve the PR:
- name: Approve Dependabot PR
  run: gh pr review --approve ${{ github.event.pull_request.html_url }}
  env:
    GITHUB_TOKEN: ${{ github.token }}
Workflow
See the final workflow:
# .github/workflows/auto-merge-dependabot-pr.yml
name: Auto-merge Dependabot PR
on: pull_request_target
permissions:
  contents: write
  pull-requests: write
jobs:
  auto-merge-dependabot-pr:
    if: github.actor == 'dependabot[bot]'
    runs-on: ubuntu-latest
    env:
      PR_URL: ${{ github.event.pull_request.html_url }}
      GITHUB_TOKEN: ${{ github.token }}
    steps:
      - name: Approve Dependabot PR
        run: gh pr review --approve $PR_URL
      - name: Auto-merge Dependabot PR
        if: contains(github.event.pull_request.title, 'deps-dev')
        run: gh pr merge --auto --merge $PR_URL
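A hardened variant of the workflow above, added here as an example and not taken from the original post: it gates on the pull request author (github.event.pull_request.user.login) instead of github.actor, which names whoever triggered the workflow run rather than who opened the PR, and it uses the dependabot/fetch-metadata action to decide by dependency type and update type instead of matching the title. Unlike the original, it approves only the PRs it will also merge. The repository name octo-org/example-repo is a placeholder.

```yaml
# .github/workflows/auto-merge-dependabot-pr.yml (hardened variant, example only)
name: Auto-merge Dependabot PR
on: pull_request_target

# Start from no permissions; the job below grants only what gh needs.
permissions: {}

jobs:
  auto-merge-dependabot-pr:
    # Gate on the PR author, not on whoever triggered this event, and
    # refuse to run in forks. 'octo-org/example-repo' is a placeholder.
    if: >-
      github.event.pull_request.user.login == 'dependabot[bot]' &&
      github.repository == 'octo-org/example-repo'
    runs-on: ubuntu-latest
    permissions:
      contents: write
      pull-requests: write
    env:
      PR_URL: ${{ github.event.pull_request.html_url }}
      GITHUB_TOKEN: ${{ github.token }}
    steps:
      # No actions/checkout step: the job never runs code from the PR branch,
      # which matters because pull_request_target grants a write-capable token.
      - name: Fetch Dependabot metadata
        id: metadata
        # Consider pinning this action to a full commit SHA.
        uses: dependabot/fetch-metadata@v2
        with:
          github-token: ${{ github.token }}

      - name: Approve and auto-merge dev-dependency patch/minor updates
        if: >-
          steps.metadata.outputs.dependency-type == 'direct:development' &&
          (steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
           steps.metadata.outputs.update-type == 'version-update:semver-minor')
        # Values reach the shell through env, quoted, never via ${{ }} in run.
        run: |
          gh pr review --approve "$PR_URL"
          gh pr merge --auto --merge "$PR_URL"
```

Because `gh pr merge --auto` only queues the merge, required status checks in branch protection still have to pass before the PR lands.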