diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 0000000..7ee3cc7 --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yml @@ -0,0 +1,32 @@ +name: Dependabot Auto-Merge +on: + workflow_run: + workflows: ["Test Code"] # Name of the test-code.yml workflow + types: + - completed + branches: [ main ] + +permissions: + contents: write + pull-requests: write + +jobs: + dependabot-auto-merge: + runs-on: ubuntu-latest + if: | + github.event.workflow_run.conclusion == 'success' && + github.actor == 'dependabot[bot]' + + steps: + - name: Fetch Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v2 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + + - name: Enable auto-merge for Dependabot PRs + if: ${{steps.metadata.outputs.update-type != 'version-update:semver-major'}} + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/README.md b/README.md index fa5edc8..680e902 100644 --- a/README.md +++ b/README.md @@ -161,3 +161,9 @@ poetry run python src/python_src/pull_api_documentation.py ## Repository History NOTE: this repository was split from [abd-vro](https://github.com/department-of-veterans-affairs/abd-vro/tree/develop/domain-ee/ee-max-cfi-app). + +## Automated Dependency Updates + +This repository uses Dependabot to keep dependencies up to date. Pull requests from Dependabot are automatically merged if: +- All checks pass +- The update is a minor or patch version change (major version updates require manual review)