From dcc282bfba801745df9cdf28653d4d2c22fc036e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 30 Mar 2026 17:27:57 +0000 Subject: [PATCH 1/5] Initial plan From ec2959df522d7e658f1e63dcef6a035bc271f974 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 30 Mar 2026 17:30:01 +0000 Subject: [PATCH 2/5] chore: add Dependabot auto-merge workflow for patch/minor updates Agent-Logs-Url: https://github.com/TrustSignal-dev/TrustSignal/sessions/b0fa78a1-39c3-4206-a500-d945a4fe3caf Co-authored-by: chrismaz11 <24700273+chrismaz11@users.noreply.github.com> --- .github/workflows/dependabot-auto-merge.yml | 31 +++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 .github/workflows/dependabot-auto-merge.yml diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 0000000..13da27d --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yml @@ -0,0 +1,31 @@ +name: Dependabot auto-merge +on: pull_request_target + +permissions: + contents: write + pull-requests: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v2 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + + - name: Auto-approve patch and minor updates + if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Enable auto-merge for patch and minor updates + if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 7e581337333fb969fee4d93a40f8d2646f7bb2e5 Mon Sep 17 00:00:00 2001 From: chrismaz11 Date: Tue, 31 Mar 2026 11:53:05 -0500 Subject: [PATCH 3/5] Update .github/workflows/dependabot-auto-merge.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/dependabot-auto-merge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 13da27d..de3d0e7 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -8,7 +8,7 @@ permissions: jobs: dependabot: runs-on: ubuntu-latest - if: github.actor == 'dependabot[bot]' + if: github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]' steps: - name: Dependabot metadata id: metadata From 24fde67e500b59d6befc915c9a8c570fe322952a Mon Sep 17 00:00:00 2001 From: chrismaz11 Date: Tue, 31 Mar 2026 11:53:40 -0500 Subject: [PATCH 4/5] Update .github/workflows/dependabot-auto-merge.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/dependabot-auto-merge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index de3d0e7..94367f0 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@v2 + uses: dependabot/fetch-metadata@c9c4182bf1b97f5224aee3906afd2aa4e5408c08 with: github-token: "${{ secrets.GITHUB_TOKEN }}" From f58c2a7b111175544f3437021e99f427854433c8 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 31 Mar 2026 16:56:17 +0000 Subject: [PATCH 5/5] chore: scope trigger to master + open PR types, add prerequisite comment Agent-Logs-Url: https://github.com/TrustSignal-dev/TrustSignal/sessions/017b9c68-5c37-458b-90a9-f1ef7753e4c5 Co-authored-by: chrismaz11 <24700273+chrismaz11@users.noreply.github.com> --- .github/workflows/dependabot-auto-merge.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 94367f0..9554889 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -1,5 +1,8 @@ name: Dependabot auto-merge -on: pull_request_target +on: + pull_request_target: + branches: [master] + types: [opened, synchronize, reopened, ready_for_review] permissions: contents: write @@ -12,10 +15,13 @@ jobs: steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@c9c4182bf1b97f5224aee3906afd2aa4e5408c08 + uses: dependabot/fetch-metadata@c9c4182bf1b97f5224aee3906afd2aa4e5408c08 # v2.3.0 with: github-token: "${{ secrets.GITHUB_TOKEN }}" + # Prerequisites: repo must have "Allow GitHub Actions to create and approve + # pull requests" enabled (Settings → Actions → General) and "Allow + # auto-merge" enabled (Settings → General → Pull Requests). - name: Auto-approve patch and minor updates if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' run: gh pr review --approve "$PR_URL"