Skip to content

ci: add build-provenance attestations and CodeQL scanning #18

ci: add build-provenance attestations and CodeQL scanning

ci: add build-provenance attestations and CodeQL scanning #18

name: Dependabot auto-merge
on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
permissions:
contents: write
pull-requests: write
jobs:
automerge:
name: Enable auto-merge for patch-level test-dependency updates
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
steps:
- name: Inspect Dependabot metadata
id: meta
uses: dependabot/fetch-metadata@v3.0.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Enable auto-merge (squash) for test-dep patches only
if: >-
steps.meta.outputs.update-type == 'version-update:semver-patch' &&
(steps.meta.outputs.dependency-group == 'test-deps-patch' ||
steps.meta.outputs.package-ecosystem == 'github-actions')
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh pr merge --auto --squash "${{ github.event.pull_request.html_url }}"