add workflow that auto approves dependabot PRs

kolorfilm · Oct 23, 2024 · 4623e71 · 4623e71
1 parent 221ad9e
commit 4623e71
Showing 1 changed file with 38 additions and 0 deletions.
diff --git a/.github/workflows/auto-approve-dependabot-pull-requests-targeting-main.yml b/.github/workflows/auto-approve-dependabot-pull-requests-targeting-main.yml
@@ -0,0 +1,38 @@
+name: Auto-approve Dependabot pull requests targeting `main`
+
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  # Needed for automatic approval
+  pull-requests: write
+  # Needed for automatic merge
+  contents: write
+
+jobs:
+  dependabot_approve_and_merge:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+
+    steps:
+      - name: Generate token
+        id: generate_token
+        uses: tibdex/[email protected]
+        with:
+          app_id: ${{ secrets.BOT_APP_ID }}
+          private_key: ${{ secrets.BOT_PRIVATE_KEY }}
+
+      - name: Authenticate CLI
+        run: echo "${{ steps.generate_token.outputs.token }}" | gh auth login --with-token
+
+      - name: Approve Dependabot PR
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+        run: gh pr review "$PR_URL" --approve
+
+      - name: Enable auto-merge for Dependabot PR
+        run: gh pr merge "$PR_URL" --auto --merge --delete-branch
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}