Add Dependabot auto-approve and auto-merge workflow#3103
Merged
jonathangreen merged 1 commit intomainfrom Mar 4, 2026
Merged
Conversation
tdilauro
approved these changes
Mar 4, 2026
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #3103 +/- ##
=======================================
Coverage 93.22% 93.22%
=======================================
Files 491 491
Lines 45336 45336
Branches 6239 6239
=======================================
Hits 42264 42264
Misses 1985 1985
Partials 1087 1087 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This was referenced Mar 4, 2026
jonathangreen
added a commit
to ThePalaceProject/virtual-library-card
that referenced
this pull request
Mar 6, 2026
## Description Adds a GitHub Actions workflow that automatically approves and squash-merges pull requests opened by Dependabot. This is the same workflow added to circulation in ThePalaceProject/circulation#3103. ## Motivation and Context Automates the approval and merging of Dependabot version bump PRs so they don't require manual intervention. This follows the approach described in the [GitHub documentation for automating Dependabot with GitHub Actions](https://docs.github.com/en/code-security/tutorials/secure-your-dependencies/automating-dependabot-with-github-actions). ## How Has This Been Tested? This workflow has already been validated in the [circulation repository](ThePalaceProject/circulation#3103). It will be further validated by observing the workflow behavior on incoming Dependabot PRs in this repo. ## Checklist - [x] I have updated the documentation accordingly. - [x] All new and existing tests passed.
jonathangreen
added a commit
to ThePalaceProject/palace-tools
that referenced
this pull request
Mar 6, 2026
## Description Adds a GitHub Actions workflow that automatically approves and squash-merges pull requests opened by Dependabot, mirroring the workflow added to circulation in ThePalaceProject/circulation#3103. Also adds the standard pull request template used across Palace Project repositories. ## Motivation and Context This rolls out the Dependabot auto-merge workflow from [circulation PR #3103](ThePalaceProject/circulation#3103) to this repository, so we don't have to manually approve and merge Dependabot version bumps. The PR template is added to keep this repo in sync with the standard used across Palace Project repos. ## How Has This Been Tested? This will be validated by observing the workflow behavior on incoming Dependabot PRs. ## Checklist - [x] I have updated the documentation accordingly. - [x] All new and existing tests passed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds a GitHub Actions workflow that automatically approves and squash-merges pull requests opened by Dependabot. This follows the approach described in the GitHub documentation for automating Dependabot with GitHub Actions.
Motivation and Context
I'd like to give this a try so we don't have to manually worry about keeping up with Dependabot version bumps. If this works well here in circulation, I'd like to roll it out to our other Python repos as well.
How Has This Been Tested?
This will be validated by observing the workflow behavior on incoming Dependabot PRs.
Checklist