frank/sharkdp--bat
1
0
Fork 0
mirror of https://github.com/sharkdp/bat synced 2026-06-09 10:03:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Stop auto-merge dependabot PRs

Browse Source 
Our CI runs a fair amount of unaudited third party code. I'd like to
stop using my Personal Access Token until we have had time to security
harden our CI.
This commit is contained in:
Martin Nordholts
2025-07-17 06:56:16 +02:00
parent 91c95d8ba7
commit 90b2c57951
1 changed files with 0 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/Auto-merge-dependabot-PRs.yml
-23
View File
@@ -1,23 +0,0 @@
# This workflow triggers auto-merge of any PR that dependabot creates so that
# PRs will be merged automatically without maintainer intervention if CI passes
name: Auto-merge dependabot PRs
on:
pull_request_target:
types: [opened]
jobs:
auto-merge:
if: github.repository == 'sharkdp/bat' && startsWith(github.head_ref, 'dependabot/')
runs-on: ubuntu-latest
environment:
name: auto-merge
url: https://github.com/sharkdp/bat/blob/main/.github/workflows/Auto-merge-dependabot-PRs.yml
env:
GITHUB_TOKEN: ${{ secrets.AUTO_MERGE_GITHUB_TOKEN }}
steps:
- uses: actions/checkout@v4
- run: |
gh pr review ${{ github.event.pull_request.number }} --comment --body "If CI passes, this dependabot PR will be [auto-merged](https://github.com/sharkdp/bat/blob/main/.github/workflows/Auto-merge-dependabot-PRs.yml) 🚀"
- run: |
gh pr merge --auto --squash ${{ github.event.pull_request.number }}