Skip to content

Commit a0367c3

Browse files
authored
ci: use DEPENDABOT_TOKEN for dependabot auto-merge (#147)
Switch the dependabot auto-merge workflow from the default GITHUB_TOKEN to a dedicated DEPENDABOT_TOKEN PAT so merges trigger downstream CI and satisfy branch protection review requirements
1 parent 87fad7a commit a0367c3

1 file changed

Lines changed: 4 additions & 4 deletions

File tree

.github/workflows/dependabot-merge.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ jobs:
1818
id: meta
1919
uses: dependabot/fetch-metadata@v3
2020
with:
21-
github-token: "${{ secrets.GITHUB_TOKEN }}"
21+
github-token: "${{ secrets.DEPENDABOT_TOKEN }}"
2222

2323
- name: Check if auto-merge applicable
2424
id: check
@@ -35,18 +35,18 @@ jobs:
3535
run: gh pr review --approve "$PR_URL"
3636
env:
3737
PR_URL: ${{ github.event.pull_request.html_url }}
38-
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
38+
GH_TOKEN: ${{ secrets.DEPENDABOT_TOKEN }}
3939

4040
- name: Wait for checks to pass
4141
if: steps.check.outputs.should_merge == 'true'
4242
run: gh pr checks "$PR_URL" --watch --required --fail-fast
4343
env:
4444
PR_URL: ${{ github.event.pull_request.html_url }}
45-
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
45+
GH_TOKEN: ${{ secrets.DEPENDABOT_TOKEN }}
4646

4747
- name: Squash and merge
4848
if: steps.check.outputs.should_merge == 'true'
4949
run: gh pr merge --squash "$PR_URL"
5050
env:
5151
PR_URL: ${{ github.event.pull_request.html_url }}
52-
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
52+
GH_TOKEN: ${{ secrets.DEPENDABOT_TOKEN }}

0 commit comments

Comments
 (0)