GitHub action that processes pull requests created and processed by dependabot[bot]. Depending on the settings, the pull request is approved and/or merged.
The action is triggered by the pull_request event and only processes pull requests created by dependabot[bot].
The simplest variant of the pipeline configuration could look like this. However, it is recommended to link this job with a build and test process. This ensures that the code is tested before it is merged.
name: DependaMerge
on:
pull_request:
jobs:
dependabot:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: DependaMerge
uses: dailydevops/dependamerge-action@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
command: squash| Name | Description | Required | Default | Available Values |
|---|---|---|---|---|
token |
GitHub token | ✔ | ${{ secrets.GITHUB_TOKEN }} |
--- |
command |
Merge Method with which the pull request is to be merged. | ❌ | squash |
squash, merge |
approve-only |
If true, then the pull request is only approved, but not merged. |
❌ | false |
true, false |
handle-submodule |
If true, Git submodules are also merged. |
❌ | false |
true, false |
handle-dependency-group |
If true, all pull requests of a dependency group are merged. |
❌ | true |
true, false |
target |
The maximum target of the version comparison to be merged. | ❌ | patch |
major, minor, patch, any |
skip-commit-verification |
If true, then the action will not expect the commits to have a verification signature. It is required to set this to true in GitHub Enterprise Server. |
❌ | false |
true, false |
skip-verification |
If true, the action will not validate the user or the commit verification status. |
❌ | false |
true, false |
| Value | Description |
|---|---|
approved |
The pull request has been approved. |
merged |
The pull request has been merged. |
skipped |
The pull request is skipped and all processing steps are stopped. |
failed |
The pull request could not be processed. |
rebased |
The pull request was automatically rebased. |
The message contains further information about the processing state of the pull request. In some cases it contains error/debug information.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent