dependabot-auto-merge.yml
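# Enables auto-merge on Dependabot pull requests.
#
# Security model: `pull_request_target` runs the workflow definition from the
# base branch and can be given a write-capable token, so nothing in this job
# may execute content taken from the PR head. The job therefore gates on the
# PR author and head repository, checks out the base SHA only, and hands PR
# metadata to the shell through environment variables.
name: Dependabot auto-merge

on:
  pull_request_target:
    types: [opened, reopened, synchronize, ready_for_review]

# Workflow-wide default is read-only; the job below widens its own token
# scopes explicitly, so any job added later starts from least privilege.
permissions:
  contents: read
  pull-requests: read

# Dependabot auto-merge policy is defined in .llm/context.md and locked in by
# scripts/tests/test_enable_dependabot_automerge.py. Do NOT add a one-shot
# bypass, do NOT wrap the script in a sub-job-level `timeout`, and do NOT
# lower `timeout-minutes` below 32 — the polling loop needs ~32 minutes
# to settle plus runner overhead.
jobs:
  dependabot:
    name: Enable auto-merge for Dependabot PRs
    # All three conditions must hold before the write-scoped job starts:
    #   1. the PR was opened by dependabot[bot] (this reads the PR author,
    #      not the account that triggered the event),
    #   2. the PR is not a draft,
    #   3. the head branch lives in this repository, not in a fork.
    if: github.event.pull_request.user.login == 'dependabot[bot]' && !github.event.pull_request.draft && github.event.pull_request.head.repo.full_name == github.repository
    # Must stay at or above the 32-minute floor described in the policy
    # comment above.
    timeout-minutes: 40
    # One run per PR; a newer event for the same PR cancels the older run.
    concurrency:
      group: dependabot-automerge-${{ github.event.pull_request.number }}
      cancel-in-progress: true
    # Job-level scopes replace the workflow default for this job.
    # NOTE(review): presumably checks/statuses are read by the polling loop
    # and contents/pull-requests write are needed to enable auto-merge;
    # confirm against scripts/ci/enable-dependabot-automerge.sh, which is not
    # shown here, and drop any scope the script does not use.
    permissions:
      checks: read
      contents: write
      pull-requests: write
      statuses: read
    runs-on: ubuntu-latest
    steps:
      # Records which workflow revision and which base/head commits this run
      # acted on, for later audit. Event values reach the shell through
      # `env:` instead of being expanded inside the script text, so they are
      # treated as data and never parsed as shell.
      - name: Log workflow source context
        run: |
          echo "workflow_ref=${GITHUB_WORKFLOW_REF}"
          echo "base_sha=${BASE_SHA}"
          echo "head_sha=${HEAD_SHA}"
        env:
          BASE_SHA: ${{ github.event.pull_request.base.sha }}
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
      # Checks out the base commit, so the script run in the next step is the
      # version already on the base branch and never the one proposed by the
      # PR.
      # NOTE(review): `@v6` is a mutable tag; pinning to a full commit SHA
      # (`actions/checkout@<full-commit-sha>`) fixes the exact action code
      # that runs with this job's token. If the script authenticates only
      # through GH_TOKEN, `persist-credentials: false` under `with:` would
      # also keep the token out of the local git config; confirm first.
      - name: Checkout trusted base ref
        uses: actions/checkout@v6
        with:
          ref: ${{ github.event.pull_request.base.sha }}
      # Runs the base-branch script. The PR URL and head SHA are passed as
      # environment variables; GH_TOKEN carries the job-scoped GITHUB_TOKEN.
      - name: Enable auto-merge
        run: bash ./scripts/ci/enable-dependabot-automerge.sh
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}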