name: dependabot-auto-merge on: pull_request permissions: contents: write jobs: dependabot-auto-merge: runs-on: ubuntu-latest if: github.actor == 'dependabot[bot]' steps: - name: Get Dependabot metadata id: metadata uses: dependabot/fetch-metadata@v1 with: github-token: ${{ secrets.GITHUB_TOKEN }} - name: Enable auto-merge for Dependabot PRs if: steps.metadata.outputs.dependency-type == 'direct:development' && (steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch') run: | gh pr review --approve "$PR_URL" gh pr merge --auto --squash "$PR_URL" env: PR_URL: ${{ github.event.pull_request.html_url }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}