Description of the feature request
Problem statement
Today Dependabot PRs require manual approval, which consists of checking if the PR builds succeeded and then merging the changes.
Summary of the feature
By enabling auto-merge for Dependabot pull requests, we can reduce the required maintenance time and focus our time on more creative tasks.
To auto-merge your pull requests, we can use GitHub's auto-merge functionality. This enables the pull request to be merged when all required tests and approvals are successfully met.
The auto-merge functionality lets us configure under which conditions we want to enable auto-merge. This lets us start with a list of trusted dependencies (e.g. aws-sdk) and a certain version type (e.g. patch). The example below limits auto-merge to patches of aws-sdk.
    - name: Enable auto-merge for Dependabot PRs
      if: ${{contains(steps.metadata.outputs.dependency-names, 'aws-sdk') && steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
      run: gh pr merge --auto --merge "$PR_URL"
      env:
        PR_URL: ${{github.event.pull_request.html_url}}
Auto-merge requires permissions to write to PRs, as shown below:
    permissions:
      pull-requests: write
      contents: write
Code examples
Below is an example that I copied from the GitHub docs and switched the trusted library to aws-sdk. I did not dive deep into the step Dependabot metadata yet.
    name: Dependabot auto-merge
    on: pull_request_target
    permissions:
      pull-requests: write
      contents: write
    jobs:
      dependabot:
        runs-on: ubuntu-latest
        if: ${{ github.actor == 'dependabot[bot]' }}
        steps:
          - name: Dependabot metadata
            id: metadata
            uses: dependabot/[email protected]
            with:
              github-token: "${{ secrets.GITHUB_TOKEN }}"
          - name: Enable auto-merge for Dependabot PRs
            if: ${{contains(steps.metadata.outputs.dependency-names, 'aws-sdk') && steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
            run: gh pr merge --auto --merge "$PR_URL"
            env:
              PR_URL: ${{github.event.pull_request.html_url}}
              GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
Benefits for you and the wider AWS community
Maintainers spend less time on chores, and have more time to engage with the community.
Describe alternatives you've considered
I have not yet investigated alternatives, as this seems to be the recommended approach for GitHub.
With this issue I am not suggesting that we should enable the auto-merge feature through the GitHub UI.
Additional context
None yet.
Related issues, RFCs
None yet.
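
Added example, not part of the original issue or the GitHub docs: contains() on a string is a substring test, so the condition in the workflow above also matches names such as aws-sdk-mock or @aws-sdk/client-s3, and a PR that updates several packages passes if any one of them matches. The script below instead requires every updated package to be on an exact-name allowlist. It assumes the dependency-names output is a comma-separated list passed in through the environment; the variable and function names are hypothetical.

```shell
#!/bin/sh
# Added example: exact-match allowlist gate for Dependabot auto-merge.
# Assumed inputs (set via the step's env: block from the metadata step outputs):
#   DEPENDENCY_NAMES  comma-separated package names updated by the PR
#   UPDATE_TYPE       e.g. version-update:semver-patch
#   PR_URL            URL of the pull request

TRUSTED_DEPENDENCIES="aws-sdk"   # space-separated exact package names
ALLOWED_UPDATE_TYPE="version-update:semver-patch"

# Succeeds only if $1 equals one allowlist entry exactly.
is_trusted() {
  for t in $TRUSTED_DEPENDENCIES; do
    [ "$1" = "$t" ] && return 0
  done
  return 1
}

# should_auto_merge NAMES UPDATE_TYPE
# Succeeds only if the update type is allowed and EVERY name is trusted.
should_auto_merge() {
  names=$1
  update_type=$2
  [ "$update_type" = "$ALLOWED_UPDATE_TYPE" ] || return 1
  [ -n "$names" ] || return 1          # no metadata: fail closed
  while IFS= read -r name; do
    is_trusted "$name" || return 1     # one untrusted package blocks the PR
  done <<EOF
$(printf '%s\n' "$names" | tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
EOF
  return 0
}

# Only act when running inside the workflow step (PR_URL is set there).
if [ -n "${PR_URL:-}" ]; then
  if should_auto_merge "${DEPENDENCY_NAMES:-}" "${UPDATE_TYPE:-}"; then
    gh pr merge --auto --merge "$PR_URL"
  else
    echo "PR not eligible for auto-merge; leaving it for manual review."
  fi
fi
```

In the workflow, this would replace the if: expression on the merge step, with the two metadata outputs mapped into the step's environment.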