File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1- * @ MichaelsEngineering
2- .github /** @ MichaelsEngineering
31plans /** @ MichaelsEngineering
42scripts /agent-orchestrator /** @ MichaelsEngineering
53src /** @ MichaelsEngineering
Original file line number Diff line number Diff line change @@ -8,13 +8,6 @@ updates:
88 time : " 03:00"
99 timezone : " UTC"
1010 open-pull-requests-limit : 5
11- labels :
12- - " dependencies"
13- - " security"
14- assignees :
15- - " MichaelsEngineering"
16- reviewers :
17- - " MichaelsEngineering"
1811 groups :
1912 python-security :
2013 applies-to : security-updates
@@ -33,13 +26,6 @@ updates:
3326 time : " 03:15"
3427 timezone : " UTC"
3528 open-pull-requests-limit : 5
36- labels :
37- - " dependencies"
38- - " security"
39- assignees :
40- - " MichaelsEngineering"
41- reviewers :
42- - " MichaelsEngineering"
4329 groups :
4430 actions-security :
4531 applies-to : security-updates
Original file line number Diff line number Diff line change 1+ name : dependabot-auto-merge
2+
3+ on :
4+ pull_request_target :
5+ types :
6+ - opened
7+ - reopened
8+ - synchronize
9+ - ready_for_review
10+
11+ permissions :
12+ contents : write
13+ pull-requests : write
14+
15+ jobs :
16+ dependabot :
17+ name : dependabot
18+ if : github.event.pull_request.user.login == 'dependabot[bot]' && !github.event.pull_request.draft
19+ runs-on : ubuntu-latest
20+ steps :
21+ - name : Fetch Dependabot metadata
22+ id : metadata
23+ uses : dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7
24+ with :
25+ github-token : ${{ secrets.GITHUB_TOKEN }}
26+
27+ - name : Approve safe Dependabot updates
28+ if : |
29+ startsWith(steps.metadata.outputs.update-type, 'security-update:') ||
30+ steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
31+ steps.metadata.outputs.update-type == 'version-update:semver-minor'
32+ run : gh pr review --approve "$PR_URL"
33+ env :
34+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
35+ PR_URL : ${{ github.event.pull_request.html_url }}
36+
37+ - name : Enable auto-merge for safe Dependabot updates
38+ if : |
39+ startsWith(steps.metadata.outputs.update-type, 'security-update:') ||
40+ steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
41+ steps.metadata.outputs.update-type == 'version-update:semver-minor'
42+ run : gh pr merge --auto --squash "$PR_URL"
43+ env :
44+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
45+ PR_URL : ${{ github.event.pull_request.html_url }}
Original file line number Diff line number Diff line change 1+ name : dependency-review
2+
3+ on :
4+ pull_request :
5+
6+ permissions :
7+ contents : read
8+ pull-requests : write
9+
10+ jobs :
11+ dependency-review :
12+ name : dependency-review
13+ runs-on : ubuntu-latest
14+ steps :
15+ - name : Checkout
16+ uses : actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
17+ with :
18+ fetch-depth : 0
19+ - name : Detect dependency file changes
20+ id : changed
21+ run : |
22+ if git diff --name-only "${{ github.event.pull_request.base.sha }}" "${{ github.event.pull_request.head.sha }}" | grep -Eq '^(pyproject\.toml|uv\.lock)$'; then
23+ echo "run_review=true" >> "$GITHUB_OUTPUT"
24+ else
25+ echo "run_review=false" >> "$GITHUB_OUTPUT"
26+ fi
27+ - name : Skip dependency review when no package manifests changed
28+ if : steps.changed.outputs.run_review != 'true'
29+ run : echo "No dependency manifest changes detected; skipping dependency review."
30+ - name : Review dependency changes
31+ if : steps.changed.outputs.run_review == 'true'
32+ uses : actions/dependency-review-action@v4
You can’t perform that action at this time.
0 commit comments