
Auto approve and merge the pull requests raised by dependabot

Open J-DK opened this issue 4 years ago • 6 comments

Is your feature request related to a problem? Please describe.

As Dependabot bumps the versions of different dependencies regularly, it is difficult for the project owner to review, approve, rebase, and merge the PR.

Describe the solution you'd like

Automate the above process with GitHub Actions.

J-DK avatar Mar 23 '20 05:03 J-DK

I have done this automation in a few other repositories and it really saved a lot of time.

J-DK avatar Mar 23 '20 05:03 J-DK

Do you have a link showing how to do that automation? (I don't receive so many Dependabot PRs for now though.)

vincent-fuchs avatar Mar 23 '20 15:03 vincent-fuchs

Hi @vincent-fuchs, I have written a blog about how to achieve it.

J-DK avatar Mar 24 '20 07:03 J-DK

Hi @vincent-fuchs @J-DK, there's no need for a GitHub action to allow Dependabot to automatically merge certain dependency updates; see below:

image

If you want, I can take care of it. There are multiple policies based on semver:

  • security patch only
  • all patch
  • minors
  • in-range
  • all

acourtiol avatar Apr 17 '20 21:04 acourtiol

@acourtiol I wasn't aware of this. Thank you for sharing.

paul58914080 avatar Apr 18 '20 05:04 paul58914080

I did a bit of study and found that this wouldn't work if we have protected branch settings. More about this issue is mentioned in https://github.com/dependabot/feedback/issues/86. We may probably need https://github.com/hmarr/auto-approve-action along with permissions (in case we have enabled the settings of protected branch). I do not have a view of the settings.

paul58914080 avatar Apr 18 '20 05:04 paul58914080
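
One way to wire up the approach from the last comment, as an added example that is not from the thread or from the project: a workflow that uses hmarr/auto-approve-action to approve only Dependabot patch bumps. The `dependabot/fetch-metadata` step, the workflow and job names, and the `<full-commit-sha>` pins are assumptions; replace each pin with a commit you have reviewed.

```yaml
# Added example (not from the thread): approve Dependabot patch updates only.
name: dependabot-auto-approve
on: pull_request

# Start from no permissions; the job below grants only what it needs.
permissions: {}

jobs:
  approve:
    runs-on: ubuntu-latest
    # Act only on pull requests authored by Dependabot itself.
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    permissions:
      pull-requests: write   # needed to submit the approving review
    steps:
      # Reads the update type from the PR metadata; no PR code is checked out or run.
      - name: Read Dependabot metadata
        id: meta
        uses: dependabot/fetch-metadata@<full-commit-sha>   # placeholder: pin to a reviewed commit

      # Patch bumps only; minor and major updates stay with a human reviewer.
      - name: Approve patch update
        if: steps.meta.outputs.update-type == 'version-update:semver-patch'
        uses: hmarr/auto-approve-action@<full-commit-sha>   # placeholder: pin to a reviewed commit
```

On a protected branch, the approving review also depends on the repository setting that allows GitHub Actions to approve pull requests; required status checks still apply before any merge.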