chore: change dependabot to auto-approve only (#458)

When dependabot PRs are automatically merged, the resulting commit doesn't run workflows on main if the default GitHub token is used. Rather than generate a more potent token, or live with some commits not running workflows on main, scale back dependabot automation to only approve the PRs but not merge them. This still reduces toil by saving several clicks in the UI. Signed-off-by: Will Murphy <[email protected]>
anchore · Jan 18, 2024 · 4d309f2 · 4d309f2
1 parent 2ebcf19
commit 4d309f2
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/.github/workflows/dependabot-automation.yaml b/.github/workflows/dependabot-automation.yaml
@@ -0,0 +1,10 @@
+name: Dependabot Automation
+on:
+  pull_request:
+
+permissions:
+  pull-requests: write
+
+jobs:
+  run:
+    uses: anchore/workflows/.github/workflows/dependabot-automation.yaml@main