ci: auto-merge dependabot patch update PRs #431

Merged
merged 1 commit into from
Feb 24, 2022


alex-chew
Contributor

Issue #, if available:

Description of changes: This PR adds an Actions workflow to automatically merge dependabot patch-update PRs once they are approved, as described in the GitHub docs.

Because we require code-owner approval to merge PRs, new dependabot PRs still require human interaction before they are merged. This is intentional as it lets us ensure that the automatic merge works as desired. We can later set up another Actions workflow to automatically approve dependabot PRs as well.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

  • Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

@alex-chew alex-chew requested a review from a team as a code owner February 24, 2022 00:14
id: metadata
uses: dependabot/fetch-metadata@v1.1.1
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
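
Review bot: `uses: dependabot/fetch-metadata@v1.1.1` pins the action to a tag, and a tag can later be moved to different code. Because this step is handed `secrets.GITHUB_TOKEN`, consider pinning to the full commit SHA of that release and keeping the version in a trailing comment so Dependabot can still propose bumps.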
Contributor


Do we have to create this token? Currently for this repo we don't have secrets for dependabot, only for actions.

Contributor Author


Nope, the token is automatically provided to Actions workflows. Dependabot workflows get read-only tokens by default, but the permissions block in the workflow config serves to allow the necessary actions for merging.

Contributor

@josecorella josecorella left a comment


LGTM

@alex-chew alex-chew merged commit 9f1fa32 into aws:master Feb 24, 2022
@alex-chew alex-chew deleted the dependabot-auto-merge branch February 24, 2022 00:47
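
A sketch of the kind of workflow discussed in this thread, added here as an example and not the file merged in this PR. It follows the auto-merge pattern from the GitHub docs that the description refers to; only the metadata step comes from the lines quoted in the review above, and the workflow, job and step names and the merge method are assumptions.

```yaml
# Added example; names and merge method are assumptions, not this repo's file.
name: Dependabot auto-merge
on: pull_request

# Dependabot-triggered runs get a read-only GITHUB_TOKEN by default.
# Grant only the two scopes needed to enable auto-merge on a PR.
permissions:
  contents: write
  pull-requests: write

jobs:
  dependabot:
    runs-on: ubuntu-latest
    # Do nothing for PRs opened by anyone other than Dependabot.
    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
      - name: Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@v1.1.1
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"

      - name: Enable auto-merge for patch updates only
        # Minor and major bumps fall through and stay fully manual.
        if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-patch' }}
        # --auto only queues the merge: it completes after required checks
        # and reviews (here, code-owner approval) have passed.
        run: gh pr merge --auto --merge "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

`gh pr merge --auto` requires the repository's "Allow auto-merge" setting to be enabled, and it is the branch protection rules, not the workflow, that keep an unapproved PR from merging.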