Skip to content

chore: modernize Dependabot auto-merge workflow#3119

Merged
PierreBrisorgueil merged 1 commit intomasterfrom
chore/modernize-dependabot-auto-merge
Feb 17, 2026
Merged

chore: modernize Dependabot auto-merge workflow#3119
PierreBrisorgueil merged 1 commit intomasterfrom
chore/modernize-dependabot-auto-merge

Conversation

@PierreBrisorgueil
Copy link
Contributor

Summary

Replace the outdated third-party action with the official GitHub-recommended approach:

  • Replace ahmadnassri/action-dependabot-auto-merge@v2 + WAOS PAT → dependabot/fetch-metadata@v2 + GITHUB_TOKEN
  • Add if: github.actor == 'dependabot[bot]' guard — workflow no longer runs on all PRs
  • Explicit approve step (gh pr review --approve) before enabling auto-merge
  • Auto-merge enabled only for patch and minor updates — majors stay manual
  • Remove unused issues: write permission

Why

  • The WAOS PAT is a personal token with expiry risk; GITHUB_TOKEN is sufficient since auto-merge is enabled on the repo
  • The ahmadnassri action is unmaintained and uses deprecated patterns
  • The dependabot[bot] guard prevents the workflow from triggering on non-Dependabot PRs

Test plan

  • Open a Dependabot patch/minor PR and verify it gets auto-approved and merged once CI is green
  • Open a Dependabot major PR and verify it does NOT get auto-merged

Replace third-party ahmadnassri action + WAOS PAT with official approach:
- Use dependabot/fetch-metadata@v2 to detect update type
- Auto-approve and enable auto-merge for patch/minor updates only
- Use GITHUB_TOKEN instead of WAOS PAT (auto-merge enabled on repo)
- Gate on github.actor == 'dependabot[bot]' to avoid running on all PRs
- Remove unused issues: write permission
Copilot AI review requested due to automatic review settings February 17, 2026 15:45
@PierreBrisorgueil PierreBrisorgueil merged commit b0e6a9f into master Feb 17, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant

Comments