Auto-merge Dependabot PRs for NPM packages (#123)

All updates except major ones. There can be many such PRs every week. This will remove the burden of manually approving and merging these PRs (assuming all tests are passing). Signed-off-by: Antonin Bas <abas@vmware.com>
antrea-io · Oct 2, 2023 · d29616f · d29616f
1 parent fffcfa4
commit d29616f
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/.github/workflows/dependabot_automerge.yml b/.github/workflows/dependabot_automerge.yml
@@ -0,0 +1,23 @@
+name: Dependabot auto-merge
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: ${{ github.actor == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v1
+        with:
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+      - name: Enable auto-merge for npm Dependabot PRs (except major updates)
+        if: ${{ steps.metadata.outputs.package-ecosystem == 'npm' && steps.metadata.outputs.update-type != 'version-update:semver-major' }}
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}