gh-action-auto-merge-dependency-updates

A GitHub action that will automatically approve and merge a PR that only contains dependency updates, based on some rules.

Primary language: TypeScript. License: MIT.

If you run tests on PRs, make sure you configure them as required status checks so that they must go green before the merge can occur.

Note that the action does not check that the "package-lock.json" is valid, so you should only set allowed-actors you trust, or validate that the "package-lock.json" is correct in another required action.
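
One way to validate "package-lock.json" in another required check, as an added example that is not part of this action or its code base: it audits the lockfile's "packages" map and reports entries that resolve outside a trusted registry or lack a strong integrity hash. The function name auditLockfile, the trusted registry URL and the sample lockfile are assumptions made for illustration.

```javascript
// Added example, not part of the action. Audits an npm lockfile that uses the
// "packages" map (lockfileVersion 2 or 3).
// Assumption: every tarball must come from the public npm registry.
const TRUSTED_REGISTRY = "https://registry.npmjs.org/";
const STRONG_HASH = /^sha(256|384|512)-[A-Za-z0-9+/]+=*$/;

function auditLockfile(lock, registry = TRUSTED_REGISTRY) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    return [{ path: "", problem: "no 'packages' map (lockfileVersion 1?)" }];
  }
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    // Skip the root project (""), workspace links and bundled dependencies:
    // none of them is fetched as its own tarball.
    if (path === "" || entry.link || entry.inBundle) continue;
    if (typeof entry.resolved !== "string") {
      findings.push({ path, problem: "missing resolved URL" });
    } else if (!entry.resolved.startsWith(registry)) {
      // The trailing "/" in the prefix also rejects look-alike hosts.
      findings.push({ path, problem: "resolved outside trusted registry" });
    }
    const hashes = typeof entry.integrity === "string" ? entry.integrity.split(/\s+/) : [];
    if (!hashes.some((h) => STRONG_HASH.test(h))) {
      findings.push({ path, problem: "no sha256+ integrity hash" });
    }
  }
  return findings;
}

// Constructed sample lockfile; hosts, names and hashes are made up.
const REG = TRUSTED_REGISTRY;
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo", version: "1.0.0" },
    "node_modules/good": { resolved: REG + "good/-/good-1.2.3.tgz", integrity: "sha512-Q09OU1RSVUNURUQ=" },
    "node_modules/elsewhere": { resolved: "https://registry.npmjs.org.example.test/elsewhere-2.0.0.tgz", integrity: "sha512-Q09OU1RSVUNURUQ=" },
    "node_modules/old": { resolved: REG + "old/-/old-0.1.0.tgz", integrity: "sha1-Q09OU1RSVUNURUQ=" },
    "node_modules/nohash": { resolved: REG + "nohash/-/nohash-3.0.0.tgz" },
    "node_modules/local": { resolved: "packages/local", link: true },
  },
};

const sampleFindings = auditLockfile(SAMPLE_LOCK);
// Each finding names the lockfile entry and the rule it broke.
for (const f of sampleFindings) console.log(`${f.path}: ${f.problem}`);
```

In a required status check, parse the PR's "package-lock.json", pass the object to auditLockfile, and fail the job when the returned list is not empty.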

Config

  • repo-token: a GitHub API token. E.g. ${{ secrets.GITHUB_TOKEN }}
  • allowed-actors: A comma separated list of usernames auto merge is allowed for.
  • allowed-update-types (optional): A comma separated list of types of updates that are allowed. Supported: [devDependencies|dependencies]:[major|minor|patch]. Default: devDependencies:minor, devDependencies:patch
  • approve (optional): Automatically approve the PR if it qualifies for auto merge. Default: true
  • package-block-list (optional): A comma separated list of packages that auto merge should not be allowed for.

You should configure this action to run on the pull_request and pull_request_review events.

Example Action

name: Auto Merge Dependency Updates

on:
  - pull_request
  - pull_request_review

jobs:
  run:
    runs-on: ubuntu-latest
    steps:
      - uses: tjenkinson/gh-action-auto-merge-dependency-updates@v1
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          allowed-actors: dependabot-preview[bot], dependabot[bot]