Auto approve dependabot#36
Merged
simongdavies merged 3 commits intohyperlight-dev:mainfrom Apr 9, 2026
Merged
Conversation
Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com>
Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds a scheduled GitHub Actions workflow plus a helper script to automatically approve and merge eligible Dependabot PRs, and updates Dependabot configuration to expand/adjust dependency update coverage.
Changes:
- Introduce
scripts/auto-approve-dependabot.shto find, approve, and (auto-)merge Dependabot PRs under specific constraints. - Add
.github/workflows/auto-merge-dependabot.ymlto run the script on a daily schedule (and manually). - Update
.github/dependabot.ymlto use multi-directory updates and increase open PR limits.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| scripts/auto-approve-dependabot.sh | Implements PR filtering + approval/merge logic for Dependabot PRs. |
| .github/workflows/auto-merge-dependabot.yml | Scheduled workflow that generates an app token and runs the auto-approve script. |
| .github/dependabot.yml | Expands Dependabot update configuration (multi-directory + higher PR limit). |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
squillace
pushed a commit
to squillace/hyperagent
that referenced
this pull request
Apr 15, 2026
* Windows platform support: - Justfile: [windows] recipes for build-hyperlight, resolve-hyperlight-dir, start-debug - Justfile: runtime-cflags forward-slash fix for clang cross-compilation - build-binary.js: .cmd launcher, platform-aware post-build output - plugins: O_NOFOLLOW fallback (Windows lacks O_NOFOLLOW, relies on lstat pre-check) - agent/index.ts: pathToFileURL for ESM plugin imports on Windows - build.rs: forward-slash CFLAGS for clang on Windows - code-validator/guest: win32-x64-msvc NAPI target - .gitattributes: enforce LF line endings across platforms VM resource management: - sandbox/tool.js: invalidateSandbox() now calls dispose() on LoadedJSSandbox and JSSandbox for deterministic VM cleanup instead of relying on V8 GC - Updated hyperlight-js dep to include dispose() API Error handling: - agent/event-handler.ts: suppress duplicate 'Tool execution failed' messages - sandbox/tool.js: MMIO error detection in compilation and runtime paths - agent/index.ts: surrogate pool env vars (HYPERLIGHT_INITIAL/MAX_SURROGATES) Test fixes (Windows compatibility): - tests: symlink EPERM skip for Windows (path-jail, fs-read, fs-write) - tests/dts-sync: rmSync instead of shell rm -rf - tests/pattern-loader: unique tmpdir per test to avoid Windows EBUSY locks CI: - pr-validate.yml: Windows WHP matrix - publish.yml: Windows build support Security: - npm audit fix across all workspaces (picomatch, brace-expansion) - plugin-system/manager.ts: simplified ternary Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com> * fix: cross-platform npm publish with runtime NAPI detection - build-binary.js: use napi-rs generated index.js for platform detection instead of hardcoded triple shim. Copies all available .node files so the package works on any platform. - publish.yml: build native addons on Linux AND Windows in parallel, upload as artifacts, combine in publish job. Tests run on each platform before upload. Follows same pattern as hyperlight-js PR hyperlight-dev#36. Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com> * fix: download artifacts after setup to avoid symlink clobber Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com> * feat: add musl (Alpine) build target for hyperlight-analysis - Add x86_64-unknown-linux-musl to napi targets in package.json - Add linux-musl build matrix entry in publish.yml (same Linux runner, installs musl-tools and adds Rust musl target) Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com> * fix: cross-platform publish with musl detection and CI corrections build-binary.js: - Launcher detects musl vs glibc for hyperlight-analysis .node loading using ldd probe, tries platform-specific .node directly - Uses napi-rs generated index.js for js-host-api (has full detection) - Copies all available platform .node files via ALL_TRIPLES loop publish.yml: - musl build: cross-compiles from glibc runner with musl-tools, uses napi build --target x86_64-unknown-linux-musl, skips tests (musl .node can't run on glibc host) - gnu/win32 builds: run tests natively on their platforms - publish-npm: runs on self-hosted runner (needs Rust toolchain), downloads artifacts AFTER setup to avoid symlink clobber - Verifies musl .node files are produced before artifact upload Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com> * fix: commit regenerated ha-modules.d.ts + add sync test - ha-modules.d.ts: update return types to ShapeFragment (was string) to match upstream ShapeFragment safety system changes - dts-sync.test.ts: add ha-modules.d.ts regeneration check that catches drift when module exports/types change but the generator isn't re-run Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com> --------- Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request introduces automation for handling Dependabot PRs and enhances the configuration for dependency updates. The main changes are the addition of a workflow and script to automatically approve and merge eligible Dependabot PRs.