From b00918ba6c5f2a04ed62731650f8b5f554a987c6 Mon Sep 17 00:00:00 2001 From: jakeross Date: Thu, 12 Feb 2026 12:04:56 -0700 Subject: [PATCH 1/6] update dependabot configuration for weekly dependency updates and add auto-merge workflow --- .github/dependabot.yml | 58 +++++++++++++++++++++- .github/workflows/dependabot_automerge.yml | 44 ++++++++++++++++ 2 files changed, 100 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/dependabot_automerge.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f24116134..c460f35a8 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,8 +5,62 @@ version: 2 updates: - - package-ecosystem: "uv" # See documentation for possible values - directory: "/" # Location of package manifests + - package-ecosystem: "uv" + directory: "/" schedule: interval: "weekly" + day: "monday" + time: "09:00" + timezone: "America/Denver" target-branch: "staging" + open-pull-requests-limit: 5 + rebase-strategy: "auto" + labels: + - "dependencies" + - "python" + groups: + uv-non-major: + patterns: + - "*" + update-types: + - "minor" + - "patch" + + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + time: "09:00" + timezone: "America/Denver" + target-branch: "staging" + open-pull-requests-limit: 5 + rebase-strategy: "auto" + labels: + - "dependencies" + groups: + pip-non-major: + patterns: + - "*" + update-types: + - "minor" + - "patch" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + time: "09:00" + timezone: "America/Denver" + target-branch: "staging" + open-pull-requests-limit: 5 + rebase-strategy: "auto" + labels: + - "dependencies" + - "github-actions" + groups: + gha-minor-and-patch: + update-types: + - "minor" + - "patch" diff --git a/.github/workflows/dependabot_automerge.yml b/.github/workflows/dependabot_automerge.yml new file mode 100644 index 000000000..83495b563 --- /dev/null +++ b/.github/workflows/dependabot_automerge.yml @@ -0,0 +1,44 @@ +name: Dependabot auto-merge + +on: + pull_request_target: + types: [opened, reopened, synchronize, ready_for_review] + +permissions: + contents: write + pull-requests: write + +jobs: + automerge: + if: github.actor == 'dependabot[bot]' + runs-on: ubuntu-latest + + steps: + - name: Fetch Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v2 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + # Auto-approve (only matters if your branch protection requires reviews) + - name: Approve PR + if: steps.metadata.outputs.update-type != 'version-update:semver-major' + uses: actions/github-script@v7 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + await github.rest.pulls.createReview({ + owner: context.repo.owner, + repo: context.repo.repo, + pull_number: context.payload.pull_request.number, + event: "APPROVE" + }); + + # Enable GitHub auto-merge; it will merge once required checks (your Test Suite) are green + - name: Enable auto-merge (squash) + if: steps.metadata.outputs.update-type != 'version-update:semver-major' + uses: peter-evans/enable-pull-request-automerge@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + pull-request-number: ${{ github.event.pull_request.number }} + merge-method: squash From 14cf1be252f8f209d83b92695ad6e5b74f61ac70 Mon Sep 17 00:00:00 2001 From: Jake Ross Date: Thu, 12 Feb 2026 12:06:42 -0700 Subject: [PATCH 2/6] Update .github/dependabot.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/dependabot.yml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c460f35a8..b0f6ef84f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -26,26 +26,6 @@ updates: - "minor" - "patch" - - package-ecosystem: "pip" - directory: "/" - schedule: - interval: "weekly" - day: "monday" - time: "09:00" - timezone: "America/Denver" - target-branch: "staging" - open-pull-requests-limit: 5 - rebase-strategy: "auto" - labels: - - "dependencies" - groups: - pip-non-major: - patterns: - - "*" - update-types: - - "minor" - - "patch" - - package-ecosystem: "github-actions" directory: "/" schedule: From 161d907eedecd6e189fbecd0697a5cd7dd02b999 Mon Sep 17 00:00:00 2001 From: Jake Ross Date: Thu, 12 Feb 2026 12:07:16 -0700 Subject: [PATCH 3/6] Update .github/workflows/dependabot_automerge.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/dependabot_automerge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependabot_automerge.yml b/.github/workflows/dependabot_automerge.yml index 83495b563..b361a7853 100644 --- a/.github/workflows/dependabot_automerge.yml +++ b/.github/workflows/dependabot_automerge.yml @@ -1,7 +1,7 @@ name: Dependabot auto-merge on: - pull_request_target: + pull_request: types: [opened, reopened, synchronize, ready_for_review] permissions: From dcf722f010fd81e3655e8cf96a66556c4dd0366b Mon Sep 17 00:00:00 2001 From: jakeross Date: Thu, 12 Feb 2026 12:12:05 -0700 Subject: [PATCH 4/6] enhance auto-merge workflow to prevent duplicate approvals by the bot --- .github/workflows/dependabot_automerge.yml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependabot_automerge.yml b/.github/workflows/dependabot_automerge.yml index b361a7853..ff8594ab4 100644 --- a/.github/workflows/dependabot_automerge.yml +++ b/.github/workflows/dependabot_automerge.yml @@ -27,13 +27,27 @@ jobs: with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | - await github.rest.pulls.createReview({ + const { data: reviews } = await github.rest.pulls.listReviews({ owner: context.repo.owner, repo: context.repo.repo, pull_number: context.payload.pull_request.number, - event: "APPROVE" }); + const alreadyApprovedByBot = reviews.some( + (review) => + review.state === "APPROVED" && + review.user?.login === "github-actions[bot]" + ); + + if (!alreadyApprovedByBot) { + await github.rest.pulls.createReview({ + owner: context.repo.owner, + repo: context.repo.repo, + pull_number: context.payload.pull_request.number, + event: "APPROVE", + }); + } + # Enable GitHub auto-merge; it will merge once required checks (your Test Suite) are green - name: Enable auto-merge (squash) if: steps.metadata.outputs.update-type != 'version-update:semver-major' From a93f4b696ff0ecbd4d271bf9e5379ec121ba37f7 Mon Sep 17 00:00:00 2001 From: Jake Ross Date: Thu, 12 Feb 2026 12:14:35 -0700 Subject: [PATCH 5/6] Update .github/workflows/dependabot_automerge.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/dependabot_automerge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependabot_automerge.yml b/.github/workflows/dependabot_automerge.yml index ff8594ab4..7f45fe27b 100644 --- a/.github/workflows/dependabot_automerge.yml +++ b/.github/workflows/dependabot_automerge.yml @@ -10,7 +10,7 @@ permissions: jobs: automerge: - if: github.actor == 'dependabot[bot]' + if: github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]' runs-on: ubuntu-latest steps: From 5794ffe41a4b3f77a291d3ae655444500786a66a Mon Sep 17 00:00:00 2001 From: Jake Ross Date: Thu, 12 Feb 2026 12:15:03 -0700 Subject: [PATCH 6/6] Update .github/dependabot.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/dependabot.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b0f6ef84f..a43856827 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -41,6 +41,8 @@ updates: - "github-actions" groups: gha-minor-and-patch: + patterns: + - "*" update-types: - "minor" - "patch"