Commit 7deda4e
ci: auto-approve major Dependabot updates (#275)
* ci: auto-approve major Dependabot updates
Remove the semver-patch/minor guards so the bot approves and enables
auto-merge for all Dependabot PRs, including major version bumps. With 2
required reviewers, the bot approval still leaves a human review gate
before auto-merge completes.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* ci: drop now-unused Dependabot metadata step
The fetch-metadata step only existed to gate on update-type; with the
semver guards removed, nothing references it.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* ci: also gate auto-merge on the event actor
pull_request.user.login is the PR author and stays dependabot[bot] for
the PR's lifetime, so a human pushing commits to a Dependabot branch
would otherwise trigger an auto-approval of their own changes. Require
github.actor to be dependabot[bot] as well.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>1 parent db53d9b commit 7deda4e
1 file changed
Lines changed: 4 additions & 14 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
9 | 9 | | |
10 | 10 | | |
11 | 11 | | |
12 | | - | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
13 | 15 | | |
14 | | - | |
15 | | - | |
16 | | - | |
17 | | - | |
18 | | - | |
19 | 16 | | |
20 | | - | |
21 | | - | |
22 | | - | |
23 | | - | |
24 | | - | |
| 17 | + | |
25 | 18 | | |
26 | 19 | | |
27 | 20 | | |
28 | 21 | | |
29 | 22 | | |
30 | | - | |
31 | | - | |
32 | | - | |
33 | 23 | | |
34 | 24 | | |
35 | 25 | | |
| |||
0 commit comments