Add dependabot-automerge workflow to automate PRs

[leynos]

Summary

• Adds dependabot-automerge workflow to automatically merge Dependabot PRs when criteria are met.

Changes

Workflow Configuration

• New file: .github/workflows/dependabot-automerge.yml
• Trigger events:
  • pull_request: opened, reopened, synchronize, labeled
  • pull_request_target: branches: [main]
  • workflow_dispatch
• Permissions:
  • contents: write
  • pull-requests: write
  • checks: read
  • statuses: read
• Automerge job:
  • Runs only for Dependabot PRs: if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
  • Uses reusable workflow: leynos/shared-actions@235d2d0
  • with: pull-request-number: ${{ github.event.pull_request.number }}

Safety and Compatibility

• Ensures no non-Dependabot PRs are auto-merged

Test plan

• Open a Dependabot PR and verify automerge triggers and merges when checks pass
• Create a non-Dependabot PR to confirm it is not auto-merged
• Validate event triggers on opened/reopened/synchronize/label and PR target on main

🌿 Generated by Terry

---

ℹ️ Tag @terragon-labs to ask questions and address PR feedback

📎 Task: https://www.terragonlabs.com/task/8ba6125f-ff88-450d-a8d4-4a91c8d1e792

Summary by Sourcery

CI:

• Introduce a dependabot-automerge workflow that runs on pull request events, restricted to Dependabot-authored PRs, and delegates merging to a shared reusable workflow.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch terragon/add-dependabot-automerge-workflow-q4tfjx

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sourcery-ai]

Reviewer's Guide

Introduces a new GitHub Actions workflow to automatically merge eligible Dependabot pull requests using a shared reusable workflow, gated by explicit triggers and a Dependabot-only condition.

Sequence diagram for Dependabot automerge workflow execution

sequenceDiagram
    actor DependabotBot
    participant GitHubRepo
    participant GitHubActions
    participant dependabot_automerge_workflow
    participant shared_dependabot_automerge_workflow
    participant GitHubAPI

    DependabotBot->>GitHubRepo: Create or update pull_request
    GitHubRepo-->>GitHubActions: Emit pull_request or pull_request_target event

    GitHubActions->>dependabot_automerge_workflow: Start workflow on matching event
    activate dependabot_automerge_workflow

    alt pull_request.user.login == dependabot[bot]
        dependabot_automerge_workflow->>shared_dependabot_automerge_workflow: Reusable workflow call
        activate shared_dependabot_automerge_workflow
        shared_dependabot_automerge_workflow->>GitHubAPI: Read checks and statuses
        GitHubAPI-->>shared_dependabot_automerge_workflow: Checks and statuses result
        shared_dependabot_automerge_workflow->>GitHubAPI: Merge pull_request when criteria met
        GitHubAPI-->>shared_dependabot_automerge_workflow: Merge result
        deactivate shared_dependabot_automerge_workflow
    else non Dependabot PR
        dependabot_automerge_workflow-->>GitHubActions: Job skipped by condition
    end

    deactivate dependabot_automerge_workflow

Loading

File-Level Changes

Change	Details	Files
Add a GitHub Actions workflow that auto-merges Dependabot pull requests using a shared reusable workflow, limited to specific events and main-branch targets.	Define dependabot-automerge workflow triggered on pull_request events (opened, reopened, synchronize, labeled), pull_request_target for main, and manual workflow_dispatch. Configure required permissions for contents, pull-requests, checks, and statuses with write/read scopes needed for merging. Create an automerge job that runs only when the PR author is dependabot[bot] and forwards the PR number into the leynos/shared-actions reusable dependabot-automerge workflow at a fixed commit SHA.	.github/workflows/dependabot-automerge.yml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.