Add Dependabot automerge GitHub workflow

[leynos]

Summary

• Adds a Dependabot auto-merge GitHub Actions workflow that leverages a shared automerge action to automatically merge eligible Dependabot PRs

Changes

Workflow

• New file: .github/workflows/dependabot-automerge.yml
• Triggers:
  • pull_request_target: types [opened, reopened, synchronize, labeled]
  • workflow_dispatch: with a manual input
• Inputs:
  • pull-request-number: numeric input for manual dispatch
• Action: uses leynos/shared-actions@235d2d0
• Parameters:
  • pull-request-number: ${{ github.event.pull_request.number || inputs.pull-request-number }}
  • repository: ${{ github.repository }}
• Behavior:
  • Runs only when the actor is dependabot[bot] or when triggered via workflow_dispatch (as configured by the if condition in the workflow)
  • Pins the external action to a specific commit for reproducibility

Notes

• This workflow delegates the merge logic to a centralized, shared action to ensure consistent automerge behavior across repos

Test plan

• Trigger via workflow_dispatch with a sample pull-request-number to verify input path
• Create or update a Dependabot PR to ensure the auto-merge path activates on supported events
• Verify that non-Dependabot PRs do not trigger auto-merge
• Confirm the repository input is correctly passed to the shared action

🌿 Generated by Terry

---

ℹ️ Tag @terragon-labs to ask questions and address PR feedback

📎 Task: https://www.terragonlabs.com/task/06808823-d3ae-451a-bb45-bd25005c7ce2

Summary by Sourcery

Add a GitHub Actions workflow to automatically merge eligible Dependabot pull requests using a shared automerge workflow.

CI:

• Introduce a Dependabot auto-merge workflow triggered on Dependabot pull_request_target events and manual workflow_dispatch.
• Delegate Dependabot auto-merge logic to a centrally maintained shared workflow, passing the pull request number and repository context.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch terragon/add-github-dependency-automerge-geha0a

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Adds a new GitHub Actions workflow to automatically merge eligible Dependabot pull requests by delegating to a centralized shared workflow, with support for both automatic triggers and manual dispatch.

Sequence diagram for Dependabot auto-merge reusable workflow invocation

sequenceDiagram
  actor DependabotBot
  actor Maintainer
  participant Repo
  participant GitHub_Actions
  participant Dependabot_Automerge_Workflow
  participant Shared_Automerge_Workflow
  participant GitHub_API

  rect rgb(235, 245, 255)
    DependabotBot->>Repo: Open or update PR
    Repo-->>GitHub_Actions: pull_request_target event
    GitHub_Actions->>Dependabot_Automerge_Workflow: Start workflow (event pull_request_target)
    Dependabot_Automerge_Workflow->>Dependabot_Automerge_Workflow: Check if github.actor == dependabot_bot
    alt Actor is Dependabot bot
      Dependabot_Automerge_Workflow->>Shared_Automerge_Workflow: Reusable workflow call
      Note over Dependabot_Automerge_Workflow,Shared_Automerge_Workflow: with pull-request-number = github.event.pull_request.number
      Shared_Automerge_Workflow->>GitHub_API: Validate and merge Dependabot PR
      GitHub_API-->>Shared_Automerge_Workflow: Merge result
      Shared_Automerge_Workflow-->>Dependabot_Automerge_Workflow: Completion status
    else Actor is not Dependabot bot
      Dependabot_Automerge_Workflow-->>GitHub_Actions: Job skipped by if condition
    end
  end

  rect rgb(235, 255, 235)
    Maintainer->>GitHub_Actions: workflow_dispatch with pull-request-number
    GitHub_Actions->>Dependabot_Automerge_Workflow: Start workflow (event workflow_dispatch)
    Dependabot_Automerge_Workflow->>Dependabot_Automerge_Workflow: github.event_name == workflow_dispatch
    Dependabot_Automerge_Workflow->>Shared_Automerge_Workflow: Reusable workflow call
    Note over Dependabot_Automerge_Workflow,Shared_Automerge_Workflow: with pull-request-number = inputs.pull-request-number
    Shared_Automerge_Workflow->>GitHub_API: Validate and merge PR
    GitHub_API-->>Shared_Automerge_Workflow: Merge result
    Shared_Automerge_Workflow-->>Dependabot_Automerge_Workflow: Completion status
  end

Loading

Flow diagram for Dependabot auto-merge workflow control logic

flowchart TD
  A["Workflow triggered\n(pull_request_target or workflow_dispatch)"] --> B{Event type}

  B -->|pull_request_target| C{github.actor == dependabot_bot}
  B -->|workflow_dispatch| D["Job allowed by condition\n(github.event_name == workflow_dispatch)"]

  C -->|false| E["Skip job\n(if condition not met)"]
  C -->|true| F["Job runs for Dependabot PR"]

  D --> G["Select pull-request-number = inputs.pull-request-number"]
  F --> H["Select pull-request-number = github.event.pull_request.number"]

  H --> I["Call shared automerge workflow\nwith pull-request-number and repository"]
  G --> I

  I --> J["Shared workflow validates and merges PR"]

Loading

File-Level Changes

Change	Details	Files
Introduce a Dependabot auto-merge GitHub Actions workflow that delegates merge logic to a shared reusable workflow and supports both Dependabot-triggered and manual runs.	Create a new workflow triggered on pull_request_target events (opened, reopened, synchronize, labeled) and manual workflow_dispatch with a numeric pull-request-number input. Define a single job that conditionally runs only when the actor is dependabot[bot] or when invoked via workflow_dispatch. Configure the job to use the shared reusable workflow leynos/shared-actions/.github/workflows/dependabot-automerge.yml pinned to a specific commit SHA. Pass the pull request number to the shared workflow from either the triggering pull request or the manual input, and forward the current repository name as a parameter.	.github/workflows/dependabot-automerge.yml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.