From d24de9823f12c0491b3e23922e2a1c3eea3b7e79 Mon Sep 17 00:00:00 2001
From: Hamza Remmal <hamza@remmal.net>
Date: Fri, 12 Dec 2025 17:35:21 +0100
Subject: [PATCH] do not auto-merge and auto-approve when having a major update

---
 .github/workflows/dependabot-approval.yml | 1 +
 .github/workflows/dependabot-merge.yml    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.github/workflows/dependabot-approval.yml b/.github/workflows/dependabot-approval.yml
index d83f8d1..c68bdac 100644
--- a/.github/workflows/dependabot-approval.yml
+++ b/.github/workflows/dependabot-approval.yml
@@ -15,6 +15,7 @@ jobs:
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
       - name: Approve a PR
+        if: steps.metadata.outputs.update-type != 'version-update:semver-major'
         run: gh pr review --approve "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
diff --git a/.github/workflows/dependabot-merge.yml b/.github/workflows/dependabot-merge.yml
index 2d82edb..0cb1850 100644
--- a/.github/workflows/dependabot-merge.yml
+++ b/.github/workflows/dependabot-merge.yml
@@ -16,6 +16,7 @@ jobs:
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
       - name: Enable auto-merge for Dependabot PRs
+        if: steps.metadata.outputs.update-type != 'version-update:semver-major'
         run: gh pr merge --auto --merge "$PR_URL"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}