Automatically group dependabot pull requests into a single one and merge it.
Here is a simple workflow to get started. Look at the options below for more details.
jobs:
dependabot:
runs-on: ubuntu-latest
name: Combine dependabot pull requests
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Combine dependabot pull requests
uses: kuvaus/dependabot-group-merge-approve-action@v2
env:
GITHUB_TOKEN: ${{ secrets.DEPLOY_KEY }}
Note Note that the script needs the
GITHUB_TOKEN
for creating or updating the release.
Optionally there are inputs
that you can change to modify the actions behavior. Below is a more detailed version with all the possible options:
jobs:
dependabot:
runs-on: ubuntu-latest
name: Combine dependabot pull requests
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Combine dependabot pull requests
uses: kuvaus/dependabot-group-merge-approve-action@v2
with:
botname: "dependabot" # Name of the bot. E.g. dependabot or renovate
require_green: "true" # Require the pull requests to be green
combined_pr_name: "combined" # Branch name for the combined pull request
ignore: "ignore" # Ignore pull requests with this name
close_merged: "false" # Close merged pull requests automatically
auto_merge_combined: "false" # Automatically merge the combined pull request
day: "Monday" # Run on a specific day, any Monday
hour: "16" # Run after a specific hour, 4 PM
wait: "1" # Wait N seconds before starting
merge_individually: "false" # Merge individually instead of combining
env:
GITHUB_TOKEN: ${{ secrets.DEPLOY_KEY }}
By default the action will leave the pull requests open so you can verify before you merge. But sometimes dependabot just updates your package.json
so it is useful to merge the pull requests automatically. Here is a basic workflow that automatically combines the dependabot pull requests into a single pull request and then automatically merges it. It also closes the open pull requests for you after merge to avoid clutter. Note that the action runs on workflow_dispatch
meaning you have to trigger it. Another option is to run it on pull_request_target
but set the wait
option to e.g. 120
(2 minutes) so that it waits dependabot pull requests to come before it starts combining them.
name: Combine dependabot pull requests
on:
workflow_dispatch:
jobs:
dependabot:
runs-on: ubuntu-latest
name: Combine dependabot pull requests
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Combine dependabot pull requests
uses: kuvaus/dependabot-group-merge-approve-action@v2
with:
close_merged: "true"
auto_merge_combined: "true"
env:
GITHUB_TOKEN: ${{ secrets.DEPLOY_KEY }}
If you want to just automatically merge all dependabot pull requests individually as they come (no combining), you can use this workflow. Note that the action runs on pull_request_target
meaning it will run automatically on each pull request.
name: Merge dependabot pull requests automatically
on:
pull_request_target:
jobs:
dependabot:
runs-on: ubuntu-latest
name: Merge dependabot pull requests automatically
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Merge dependabot pull requests automatically
uses: kuvaus/dependabot-group-merge-approve-action@v2
with:
merge_dependabot_individually: "true"
env:
GITHUB_TOKEN: ${{ secrets.DEPLOY_KEY }}
If you're using another bot, for example renovatebot, you can just change the botname
parameter. The below script now searches the pull requests from renovate[bot]
instead of dependabot[bot]
. The action adds the [bot]
suffix automatically.
with:
botname: "renovate" # Name of the bot. E.g. dependabot or renovate
This project is licensed under the MIT License