Skip to content

ci: auto-approve major Dependabot updates#275

Merged
ksroda-sa merged 3 commits into
mainfrom
chore/auto-approve-major-dependabot
Jun 23, 2026
Merged

ci: auto-approve major Dependabot updates#275
ksroda-sa merged 3 commits into
mainfrom
chore/auto-approve-major-dependabot

Conversation

@ksroda-sa

Copy link
Copy Markdown
Collaborator

What

Removes the semver-patch/semver-minor guards from the Dependabot auto-merge workflow so the bot approves and enables auto-merge for all Dependabot PRs, including major version bumps.

Why

Major bumps (e.g. #268, actions/checkout v6→v7) previously got no bot approval and had to be approved fully manually. With 2 required reviewers configured, the bot approval still leaves a human review gate before auto-merge completes, so this just removes the extra manual approval click without bypassing review.

🤖 Generated with Claude Code

Remove the semver-patch/minor guards so the bot approves and enables
auto-merge for all Dependabot PRs, including major version bumps. With 2
required reviewers, the bot approval still leaves a human review gate
before auto-merge completes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the Dependabot auto-merge GitHub Actions workflow to auto-approve and enable auto-merge for all Dependabot PRs, including major version updates, removing the previous semver patch/minor gating.

Changes:

  • Removed semver-patch / semver-minor conditional guards from the “Approve PR” step.
  • Removed semver-patch / semver-minor conditional guards from the “Enable auto-merge” step.
  • Updated the workflow comment to reflect the new “approve all update types” behavior.
Comments suppressed due to low confidence (1)

.github/workflows/dependabot-auto-merge.yml:29

  • Same as above: add a brief note explaining why a PAT is required here, since it carries higher risk than github.token and is used on every Dependabot PR run.
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GH_SERVICE_ACCOUNT_DEVOPS_2_PAT1 }}

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/dependabot-auto-merge.yml
Comment thread .github/workflows/dependabot-auto-merge.yml
Comment thread .github/workflows/dependabot-auto-merge.yml
ikawalec
ikawalec previously approved these changes Jun 22, 2026
The fetch-metadata step only existed to gate on update-type; with the
semver guards removed, nothing references it.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

Comment thread .github/workflows/dependabot-auto-merge.yml Outdated
pull_request.user.login is the PR author and stays dependabot[bot] for
the PR's lifetime, so a human pushing commits to a Dependabot branch
would otherwise trigger an auto-approval of their own changes. Require
github.actor to be dependabot[bot] as well.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@ksroda-sa ksroda-sa merged commit 7deda4e into main Jun 23, 2026
18 checks passed
@ksroda-sa ksroda-sa deleted the chore/auto-approve-major-dependabot branch June 23, 2026 07:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants