From 35bb4a7fb3ec1707128aae2b96eddb192cb1738a Mon Sep 17 00:00:00 2001 From: Jeremy Daer Date: Wed, 29 Apr 2026 13:10:21 -0700 Subject: [PATCH] ci: drop approve step from Dependabot auto-merge MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The approve step requires "Allow GitHub Actions to create and approve pull requests" at the repo level, which is off here, so the workflow fails on approve and the auto-merge step never runs. Without branch protection requiring reviews, the approve was cosmetic anyway — the auto-merge step alone gates on CI, which is the actual safety check. --- .github/workflows/dependabot-auto-merge.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index a3920b4..52fa11d 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -19,18 +19,6 @@ jobs: github-token: ${{ secrets.GITHUB_TOKEN }} # CI is the safety gate — auto-merging action updates is circular. - - name: Approve patch and minor updates (excluding actions) - if: >- - ( - steps.metadata.outputs.update-type == 'version-update:semver-patch' || - steps.metadata.outputs.update-type == 'version-update:semver-minor' - ) && - steps.metadata.outputs.package-ecosystem != 'github_actions' - run: gh pr review --approve "$PR_URL" - env: - PR_URL: ${{ github.event.pull_request.html_url }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Enable auto-merge for patch and minor updates (excluding actions) if: >- (