From 0c0cf99669d55a90e4740238e2fa0500a5ffc1ce Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Oct 2025 10:31:33 +0000 Subject: [PATCH 1/4] Initial plan From 8aaebf587f29af0e438977cebd3788c10f0030f8 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Oct 2025 10:36:03 +0000 Subject: [PATCH 2/4] Add dependabot configuration and auto-merge workflow Co-authored-by: baywet <7905502+baywet@users.noreply.github.com> --- .github/dependabot.yml | 27 +++++++++++++++++++++ .github/workflows/dependabot-auto-merge.yml | 24 ++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/dependabot-auto-merge.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..d841f21 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,27 @@ +version: 2 +updates: + # GitHub Actions updates + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 10 + + # npm updates with vitest grouping + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 10 + groups: + vitest: + patterns: + - "vitest*" + - "@vitest/*" + + # Bundler (gem) updates + - package-ecosystem: "bundler" + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 10 diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 0000000..327f432 --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yml @@ -0,0 +1,24 @@ +name: Dependabot auto-merge +on: pull_request + +permissions: + contents: write + pull-requests: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v2 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + + - name: Enable auto-merge for Dependabot PRs + if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} From f5ad313df58ae4565eee49c4639c33433f7d54cf Mon Sep 17 00:00:00 2001 From: Vincent Biret Date: Tue, 28 Oct 2025 08:03:59 -0400 Subject: [PATCH 3/4] ci: aligns auto-merge dependabot worfklow --- .github/workflows/auto-merge-dependabot.yml | 32 +++++++++++++++++++++ .github/workflows/dependabot-auto-merge.yml | 24 ---------------- 2 files changed, 32 insertions(+), 24 deletions(-) create mode 100644 .github/workflows/auto-merge-dependabot.yml delete mode 100644 .github/workflows/dependabot-auto-merge.yml diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml new file mode 100644 index 0000000..d454cd1 --- /dev/null +++ b/.github/workflows/auto-merge-dependabot.yml @@ -0,0 +1,32 @@ +name: Auto-merge dependabot updates + +on: + pull_request: + branches: [ main ] + +permissions: + pull-requests: write + contents: write + +jobs: + + dependabot-merge: + + runs-on: ubuntu-latest + + if: ${{ github.actor == 'dependabot[bot]' }} + + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v2.4.0 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + + - name: Enable auto-merge for Dependabot PRs + # Only if version bump is not a major version change + if: ${{steps.metadata.outputs.update-type != 'version-update:semver-major'}} + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml deleted file mode 100644 index 327f432..0000000 --- a/.github/workflows/dependabot-auto-merge.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: Dependabot auto-merge -on: pull_request - -permissions: - contents: write - pull-requests: write - -jobs: - dependabot: - runs-on: ubuntu-latest - if: github.actor == 'dependabot[bot]' - steps: - - name: Dependabot metadata - id: metadata - uses: dependabot/fetch-metadata@v2 - with: - github-token: "${{ secrets.GITHUB_TOKEN }}" - - - name: Enable auto-merge for Dependabot PRs - if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor' - run: gh pr merge --auto --merge "$PR_URL" - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 6a29009695d304d4cab779ed4f5566a78006fb0b Mon Sep 17 00:00:00 2001 From: Vincent Biret Date: Tue, 28 Oct 2025 08:05:06 -0400 Subject: [PATCH 4/4] ci: switches to daily dependencies updates --- .github/dependabot.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index d841f21..9563b9c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,24 +4,23 @@ updates: - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "weekly" + interval: "daily" open-pull-requests-limit: 10 # npm updates with vitest grouping - package-ecosystem: "npm" directory: "/" schedule: - interval: "weekly" + interval: "daily" open-pull-requests-limit: 10 groups: vitest: patterns: - - "vitest*" - - "@vitest/*" + - "*vitest*" # Bundler (gem) updates - package-ecosystem: "bundler" directory: "/" schedule: - interval: "weekly" + interval: "daily" open-pull-requests-limit: 10