From 8d479c07617327932713ff88b05120ef5836f019 Mon Sep 17 00:00:00 2001
From: James
Date: Mon, 12 Jan 2026 09:16:18 +0000
Subject: [PATCH 1/3] mesh-2092: add auto merge workflow
---
.github/workflows/dependabot-auto-merge.yaml | 63 ++++++++++++++++++++
1 file changed, 63 insertions(+)
create mode 100644 .github/workflows/dependabot-auto-merge.yaml
diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml
new file mode 100644
index 0000000..09413c4
--- /dev/null
+++ b/.github/workflows/dependabot-auto-merge.yaml
@@ -0,0 +1,63 @@
+name: Auto-merge Dependabot PRs
+
+on:
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - synchronize
+ - ready_for_review
+ - labeled
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ dependabot-make-update:
+ # Only run on Dependabot PRs
+ if: github.event.pull_request.user.login == 'dependabot[bot]'
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Install Python 3.11
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.11'
+
+ - name: Install poetry
+ run: python -m pip install --upgrade pip setuptools wheel poetry
+
+ - name: Install project dependencies
+ run: make install-ci
+
+ - name: Update dependencies (make update)
+ run: make update
+
+ - name: Lint (make lint)
+ run: make lint
+
+ enable-automerge:
+ # Only run on Dependabot PRs after make update succeeds
+ if: github.event.pull_request.user.login == 'dependabot[bot]'
+ needs: dependabot-make-update
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Fetch Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Enable auto-merge for Dependabot PRs
+ if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
+ run: gh pr merge --auto --squash "$PR_URL"
+ env:
+ PR_URL: ${{ github.event.pull_request.html_url }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 53f3c496913bb24e75f2fe0d29eb9ae587e46687 Mon Sep 17 00:00:00 2001
From: James
Date: Mon, 12 Jan 2026 09:32:46 +0000
Subject: [PATCH 2/3] mesh-2092: move write permissions to job level
---
.github/workflows/dependabot-auto-merge.yaml | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml
index 09413c4..cf9a0bb 100644
--- a/.github/workflows/dependabot-auto-merge.yaml
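Review bot: The Checkout step in dependabot-make-update keeps the workflow token in the checkout's git config, because actions/checkout persists credentials unless told otherwise. The later steps `make install-ci`, `make update` and `make lint` then install and run the freshly bumped dependencies while the workflow-level `permissions` grant `contents: write` and `pull-requests: write`. A dependency bump is exactly the input this workflow is meant to vet, so whatever code the updated packages run at install or lint time should not be able to read a write-scoped token; add `persist-credentials: false` under the Checkout step's `with:`. Separately, `actions/checkout@v4` and `actions/setup-python@v4` are mutable tags while `dependabot/fetch-metadata` is pinned to a full commit SHA; pinning all three the same way, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, keeps the set of code that can see the token fixed.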
+++ b/.github/workflows/dependabot-auto-merge.yaml @@ -9,15 +9,14 @@ on: - ready_for_review - labeled -permissions: - contents: write - pull-requests: write - jobs: dependabot-make-update: # Only run on Dependabot PRs if: github.event.pull_request.user.login == 'dependabot[bot]' runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write steps: - name: Checkout @@ -47,6 +46,9 @@ jobs: if: github.event.pull_request.user.login == 'dependabot[bot]' needs: dependabot-make-update runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write steps: - name: Fetch Dependabot metadata From 3acc65f004b6e040180634be6c02c6d1e08f81cd Mon Sep 17 00:00:00 2001 From: James Date: Mon, 12 Jan 2026 14:21:02 +0000 Subject: [PATCH 3/3] mesh-2092: move write permissions to job level --- .github/workflows/dependabot-auto-merge.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/dependabot-auto-merge.yaml b/.github/workflows/dependabot-auto-merge.yaml index cf9a0bb..bc523aa 100644 --- a/.github/workflows/dependabot-auto-merge.yaml +++ b/.github/workflows/dependabot-auto-merge.yaml @@ -14,9 +14,6 @@ jobs: # Only run on Dependabot PRs if: github.event.pull_request.user.login == 'dependabot[bot]' runs-on: ubuntu-latest - permissions: - contents: write - pull-requests: write steps: - name: Checkout
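Review bot: In the first hunk of patch 2 the `contents: write` / `pull-requests: write` block lands on dependabot-make-update, the job that installs and runs the updated dependencies. Once patch 3 deletes it, that job has no `permissions` key at all, so its token scope falls back to whatever the repository or organisation default is. Stating it on the job, `permissions:` with `contents: read`, keeps the build job read-only regardless of that setting and leaves the write scopes only on enable-automerge, where `gh pr merge --auto` uses them. Inside the workflow the merge is gated only by `needs: dependabot-make-update`, which ends at `make lint`; presumably the base branch's required checks cover the test suite, but that is not visible here and is worth confirming. Both job definitions continue outside these hunks.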