You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions.md
-16Lines changed: 0 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -50,8 +50,6 @@ Most automation requires you to know information about the contents of the pull
50
50
51
51
Example:
52
52
53
-
{% raw %}
54
-
55
53
```yaml copy
56
54
{% data reusables.actions.actions-not-certified-by-github-comment %}
57
55
name: Dependabot fetch metadata
@@ -77,8 +75,6 @@ jobs:
77
75
# - steps.metadata.outputs.update-type
78
76
```
79
77
80
-
{% endraw %}
81
-
82
78
For more information, see the [`dependabot/fetch-metadata`](https://github.com/dependabot/fetch-metadata) repository.
83
79
84
80
## Labeling a pull request
@@ -87,8 +83,6 @@ If you have other automation or triage workflows based on {% data variables.prod
87
83
88
84
Example that flags all production dependency updates with a label:
89
85
90
-
{% raw %}
91
-
92
86
```yaml copy
93
87
{% data reusables.actions.actions-not-certified-by-github-comment %}
94
88
name: Dependabot auto-label
@@ -115,16 +109,12 @@ jobs:
115
109
PR_URL: ${{github.event.pull_request.html_url}}
116
110
```
117
111
118
-
{% endraw %}
119
-
120
112
## Automatically approving a pull request
121
113
122
114
You can automatically approve {% data variables.product.prodname_dependabot %} pull requests by using the {% data variables.product.prodname_cli %} in a workflow.
123
115
124
116
Example:
125
117
126
-
{% raw %}
127
-
128
118
```yaml copy
129
119
{% data reusables.actions.actions-not-certified-by-github-comment %}
130
120
name: Dependabot auto-approve
@@ -150,8 +140,6 @@ jobs:
150
140
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
151
141
```
152
142
153
-
{% endraw %}
154
-
155
143
## Enabling automerge on a pull request
156
144
157
145
If you want to allow maintainers to mark certain pull requests for automerge, you can use {% data variables.product.prodname_dotcom %}'s automerge functionality. This enables the pull request to be merged when any tests and approvals required by the branch protection rules are successfully met.
@@ -160,8 +148,6 @@ For more information, see [AUTOTITLE](/pull-requests/collaborating-with-pull-req
160
148
161
149
You can instead use {% data variables.product.prodname_actions %} and the {% data variables.product.prodname_cli %}. Here is an example that automerges all patch updates to `my-dependency`:
162
150
163
-
{% raw %}
164
-
165
151
```yaml copy
166
152
{% data reusables.actions.actions-not-certified-by-github-comment %}
167
153
name: Dependabot auto-merge
@@ -189,8 +175,6 @@ jobs:
189
175
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
190
176
```
191
177
192
-
{% endraw %}
193
-
194
178
> [!NOTE]
195
179
> If you use status checks to test pull requests, you should enable **Require status checks to pass before merging** for the target branch for {% data variables.product.prodname_dependabot %} pull requests. This branch protection rule ensures that pull requests are not merged unless **all the required status checks pass**. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule).
0 commit comments