Menu
Following "Dependabot is moving natively into GitHub!", I had to update my dependabot config files to use version 2 format.
My .dependabot/config.yaml did look like:
version: 1
update_configs:
- package_manager: "python"
directory: "/"
update_schedule: "live"
automerged_updates:
- match:
dependency_type: "all"
update_type: "all"
I've got the following working:
version: 2
updates:
- package-ecosystem: pip
directory: "/"
schedule:
interval: daily
but I can't seem to add the automerge option again (when checking with the dependabot validator)?
812
The dependabot.yml file has two mandatory top-level keys: version, and updates. You can, optionally, include a top-level registries key. The file must start with version: 2. The top-level updates key is mandatory. You use it to configure how Dependabot updates the versions or your project's dependencies.
Copy and paste the following snippet into your .yml file. Automatically merge Dependabot PRs when version comparison is within range. Note: Dependabot will wait until all your status checks pass before merging. This is a function of Dependabot itself, and not this Action.
When Dependabot edits a manifest file to update a version, it uses the following overall strategies: For apps, the version requirements are increased, for example: npm, pip and Composer. For libraries, the range of versions is widened, for example: Bundler and Cargo.
Use schedule.time to specify an alternative time of day to check for updates (format: hh:mm ). By default, Dependabot checks for new versions at a random set time for the repository.
Here is one solution that doesn't require any additional marketplace installations (originally found here). Simply create a new GitHub workflow (e.g. .github/workflows/dependabotautomerge.yml) containing:
name: "Dependabot Automerge - Action"
on:
pull_request:
jobs:
worker:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
steps:
- name: automerge
uses: actions/[email protected]
with:
script: |
github.pullRequests.createReview({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
pull_number: context.payload.pull_request.number,
event: 'APPROVE'
})
github.pullRequests.merge({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
pull_number: context.payload.pull_request.number
})
github-token: ${{github.token}}
There are also various third-party solutions available on GitHub Marketplace.
100
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With