Skip to content

Add Dependabot auto-merge workflow#318

Merged
hzhangxyz merged 2 commits intomainfrom
copilot/dependabot-auto-merge-prs
Apr 9, 2026
Merged

Add Dependabot auto-merge workflow#318
hzhangxyz merged 2 commits intomainfrom
copilot/dependabot-auto-merge-prs

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 9, 2026
edited
Loading

Dependabot PRs with all checks passing should be merged automatically without manual intervention.

Changes

  • New workflow .github/workflows/dependabot.yml: triggers on pull_request, skips non-Dependabot actors, and calls gh pr merge --auto --squash to enable GitHub's native auto-merge — the merge fires only after all required status checks pass
jobs:
  dependabot:
    runs-on: ubuntu-latest
    if: github.actor == 'dependabot[bot]'
    steps:
      - name: auto-merge
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Requires contents: write and pull-requests: write permissions. Style follows existing workflows (on: list notation, same job structure).

Copilot AI linked an issue Apr 9, 2026 that may be closed by this pull request
Dependabot提交的PR,如果action check完全通过,应该自动merge #317
Closed
@hzhangxyz
Add Dependabot auto-merge workflow
6159e5d 
Agent-Logs-Url: https://github.com/USTC-KnowledgeComputingLab/ds/sessions/bde5e7de-b535-4e83-81de-05595cc8710f

Co-authored-by: hzhangxyz <11623447+hzhangxyz@users.noreply.github.com>
Copilot AI changed the title [WIP] Add auto merge for dependabot PRs after successful checks Add Dependabot auto-merge workflow Apr 9, 2026
Copilot AI requested a review from hzhangxyz April 9, 2026 05:07
@hzhangxyz hzhangxyz marked this pull request as ready for review April 9, 2026 06:30
Copilot AI review requested due to automatic review settings April 9, 2026 06:30
Copilot AI reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a GitHub Actions workflow to automatically enable GitHub’s native auto-merge for Dependabot PRs once required checks pass, reducing manual maintenance overhead.

Changes:

  • Introduces .github/workflows/dependabot.yml workflow triggered on PR events.
  • Uses gh pr merge --auto --squash to enable auto-merge on qualifying PRs.
  • Grants workflow-level contents: write and pull-requests: write permissions to allow merging.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/dependabot.yml
jobs:
dependabot:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
Copy link

Copilot AI Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The job gating uses github.actor == 'dependabot[bot]', which depends on who triggered the event rather than who owns the PR. If a Dependabot-authored PR is updated or re-run by a maintainer, github.actor may no longer be dependabot[bot], and auto-merge won’t be (re)enabled. Prefer checking the PR author instead (e.g., github.event.pull_request.user.login == 'dependabot[bot]').

Suggested change
if: github.actor == 'dependabot[bot]'
if: github.event.pull_request.user.login == 'dependabot[bot]'

Copilot uses AI. Check for mistakes.
.github/workflows/dependabot.yml
pull-requests: write

on:
- pull_request
Copy link

Copilot AI Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

on: pull_request without specifying types runs on all PR activity (including closed). Dependabot can close its own PRs (e.g., superseded updates), and gh pr merge --auto will fail/no-op on closed PRs, creating noisy failing workflow runs. Consider restricting trigger types (e.g., opened, reopened, synchronize, ready_for_review) and/or adding an if: guard that the PR state is open.

Suggested change
- pull_request
pull_request:
types:
- opened
- reopened
- synchronize
- ready_for_review

Copilot uses AI. Check for mistakes.
@hzhangxyz hzhangxyz merged commit 6a09864 into main Apr 9, 2026
91 checks passed
Copilot AI mentioned this pull request Apr 9, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@hzhangxyz hzhangxyz Awaiting requested review from hzhangxyz

Assignees

@hzhangxyz hzhangxyz

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Dependabot提交的PR,如果action check完全通过,应该自动merge

3 participants

@hzhangxyz