diff --git a/.github/dependabot.yml b/.github/dependabot.yml index abe6226..0cf328d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,15 @@ +# Basic set up +# https://help.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#package-ecosystem + version: 2 updates: - - package-ecosystem: "pip" # See documentation for possible values - directory: "/" # Location of package manifests + + - package-ecosystem: "pip" + directory: "/" schedule: interval: "daily" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: daily diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml new file mode 100644 index 0000000..af78ebb --- /dev/null +++ b/.github/workflows/auto-merge-dependabot.yml @@ -0,0 +1,34 @@ +# Based on https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request +name: Dependabot auto-merge +on: pull_request_target + +permissions: + pull-requests: write + contents: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' }} + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v1.3.1 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + + - name: Enable auto-merge for Dependabot PRs + # Automatically merge semver-patch and semver-minor PRs + # or black dependency upgrades + if: "${{ steps.metadata.outputs.update-type == + 'version-update:semver-minor' || + steps.metadata.outputs.update-type == + 'version-update:semver-patch' || + steps.metadata.outputs.dependency-names == + 'black' }}" + + # https://cli.github.com/manual/gh_pr_merge + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}