Automatically Approving and Merging Dependabot Pull Requests

Created on .

Read in 1 minute.

I’ve recently been using a combination of GitHub apps to automate the approval and merging of Dependabot pull requests, but wanted to simplify this into a GitHub workflow, using branch protection and GitHub’s auto merge feature.

The GitHub workflow looks something like:

name: Dependabot
on: pull_request

permissions:
contents: write

jobs:
dependabot:
runs-on: ubuntu-latest
if: ${{ github.actor == 'dependabot[bot]' }}
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} # I use a PA token.
steps:
- name: approve
run: gh pr review --approve "$PR_URL"
- name: merge
run: gh pr merge --auto --squash --delete-branch "$PR_URL"

Warning: I wouldn’t implement this without branch protection and required status checks.

And it works! 🎉

The pull request no looks like the following:

Automating DependaBot pull request approval and merging

Automating DependaBot pull request approval and merging

Once I had this implemented and pushed to all the repositories, I just need to tell Dependabot to rebase all pull requests.

It would be fairly easy to add a check for labels on the pull request, and only gh approve if the label was present, but I really didn’t have a use case for this right now because I feel confident in the required status checks.


Next

Rebasing All Dependabot Pull Requests

Previous

What is DevRel?

Related


Get the RSS feeds: All, Run, Code.