Automatically Approving and Merging Dependabot Pull Requests
I’ve recently been using a combination of GitHub apps to automate the approval and merging of Dependabot pull requests, but wanted to simplify this into a GitHub workflow, using branch protection and GitHub’s auto merge feature.
The GitHub workflow looks something like:
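```yaml
name: Dependabot
on: pull_request
permissions:
  contents: write
  pull-requests: write # needed by gh pr review / gh pr merge when GITHUB_TOKEN is used
jobs:
  dependabot:
    runs-on: ubuntu-latest
    # Only run for pull requests where Dependabot is the triggering actor.
    if: ${{ github.actor == 'dependabot[bot]' }}
    env:
      PR_URL: ${{github.event.pull_request.html_url}}
      GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} # I use a PA token.
    steps:
      - name: approve
        run: gh pr review --approve "$PR_URL"
      - name: merge
        # --auto only enables auto-merge; the merge happens once required checks pass.
        run: gh pr merge --auto --squash --delete-branch "$PR_URL"
```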
❗ Warning: I wouldn’t implement this without branch protection and required status checks.
And it works! 🎉
The pull request now looks like the following:
Once I had this implemented and pushed to all the repositories, I just needed to tell Dependabot to rebase all pull requests.
It would be fairly easy to add a check for labels on the pull request, and only gh approve if the label was present, but I really didn’t have a use case for this right now because I feel confident in the required status checks.
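A label-gated variant of the workflow, as an added example that is not part of the original post. The label name `automerge` is a hypothetical placeholder, and the job assumes the token in use is allowed to approve pull requests in the repository.

```yaml
# Added example: approve and enable auto-merge only when a label is present.
# "automerge" is a hypothetical label name; substitute the label you apply.
name: Dependabot (label gated)
on:
  pull_request:
    # "labeled" re-runs the job when the label is added after the PR is opened.
    types: [opened, reopened, synchronize, labeled]
permissions:
  contents: write
  pull-requests: write
jobs:
  dependabot:
    runs-on: ubuntu-latest
    # Match on the PR author rather than github.actor: on a "labeled" event
    # the actor is whoever applied the label, not Dependabot.
    if: >-
      github.event.pull_request.user.login == 'dependabot[bot]' &&
      contains(github.event.pull_request.labels.*.name, 'automerge')
    env:
      PR_URL: ${{ github.event.pull_request.html_url }}
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # or a PA token, as in the post
    steps:
      - name: approve
        run: gh pr review --approve "$PR_URL"
      - name: merge
        # Auto-merge still waits for branch protection and required status checks.
        run: gh pr merge --auto --squash --delete-branch "$PR_URL"
```

Pull requests without the label skip the job entirely, so they stay open for manual review.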