From e26cf8b042c78f27c99c28b837db25408a764ca2 Mon Sep 17 00:00:00 2001 From: Toshihiko SHIMOKAWA Date: Fri, 13 Mar 2026 11:17:31 +0900 Subject: [PATCH 01/11] feat: enable auto-merge for dependency update PRs Add an auto-merge step to the dependency-update workflow that automatically merges the PR when both tests and format checks pass. --- .github/workflows/dependency-update.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index 7fae714..8f0b452 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -100,6 +100,7 @@ jobs: fi - name: Create Pull Request + id: create_pr if: steps.check_changes.outputs.changes == 'true' uses: peter-evans/create-pull-request@v7 with: @@ -126,3 +127,14 @@ jobs: labels: | dependencies automated + + - name: Enable auto-merge + if: >- + steps.create_pr.outputs.pull-request-number && + steps.test_run.outcome == 'success' && + steps.format_check.outcome == 'success' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh pr merge ${{ steps.create_pr.outputs.pull-request-number }} \ + --auto --merge From b68efff389af736fb7e6dc9306f1a3425c17337b Mon Sep 17 00:00:00 2001 From: Toshihiko SHIMOKAWA Date: Fri, 13 Mar 2026 11:30:51 +0900 Subject: [PATCH 02/11] fix: address review feedback on auto-merge step #22 - Add auto-merge input parameter (default: true) for opt-in control - Add continue-on-error to prevent workflow failure when auto-merge is not available on the repository - Update PR body to reflect auto-merge status instead of misleading manual review instructions --- .github/workflows/dependency-update.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index 8f0b452..37112e6 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -26,6 +26,11 @@ on: default: 30 required: false type: number + auto-merge: + description: 'Enable auto-merge when tests and format pass' + default: true + required: false + type: boolean permissions: contents: write @@ -115,13 +120,7 @@ jobs: ## Test Results - Tests: ${{ steps.test_run.outcome }} - Format: ${{ steps.format_check.outcome }} - - Please review the changes and ensure all tests pass before merging. - - ### Checklist - - [ ] All tests pass - - [ ] No breaking changes in dependencies - - [ ] Security advisories addressed (if any) + - Auto-merge: ${{ inputs.auto-merge && steps.test_run.outcome == 'success' && steps.format_check.outcome == 'success' && 'enabled' || 'disabled (manual review required)' }} branch: dependency-update-${{ github.run_number }} delete-branch: true labels: | @@ -130,11 +129,14 @@ jobs: - name: Enable auto-merge if: >- + inputs.auto-merge && steps.create_pr.outputs.pull-request-number && steps.test_run.outcome == 'success' && steps.format_check.outcome == 'success' + continue-on-error: true env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | + echo "Enabling auto-merge for PR #${{ steps.create_pr.outputs.pull-request-number }}" gh pr merge ${{ steps.create_pr.outputs.pull-request-number }} \ --auto --merge From 035e452008e4f51e6e510c5ec033d3805f6ede69 Mon Sep 17 00:00:00 2001 From: Toshihiko SHIMOKAWA Date: Fri, 13 Mar 2026 12:41:24 +0900 Subject: [PATCH 03/11] fix: make auto-merge opt-in and add failure warning #22 - Change auto-merge default to false (opt-in) to prevent unexpected behavior in downstream repos upgrading to this version - Change PR body text from 'enabled' to 'requested' to reflect that auto-merge may not succeed - Add warning step when auto-merge fails to alert about missing repo settings - Update usage comment with auto-merge example --- .github/workflows/dependency-update.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index 37112e6..71670c7 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -3,7 +3,9 @@ # Usage: # jobs: # dependency-update: -# uses: smkwlab/.github/.github/workflows/dependency-update.yml@v1.1.0 +# uses: smkwlab/.github/.github/workflows/dependency-update.yml@v1 +# with: +# auto-merge: true # optional: auto-merge when tests pass # secrets: inherit name: Dependency Update (Reusable) @@ -27,8 +29,8 @@ on: required: false type: number auto-merge: - description: 'Enable auto-merge when tests and format pass' - default: true + description: 'Enable auto-merge when tests and format pass (requires allow_auto_merge repo setting)' + default: false required: false type: boolean @@ -120,7 +122,7 @@ jobs: ## Test Results - Tests: ${{ steps.test_run.outcome }} - Format: ${{ steps.format_check.outcome }} - - Auto-merge: ${{ inputs.auto-merge && steps.test_run.outcome == 'success' && steps.format_check.outcome == 'success' && 'enabled' || 'disabled (manual review required)' }} + - Auto-merge: ${{ inputs.auto-merge && steps.test_run.outcome == 'success' && steps.format_check.outcome == 'success' && 'requested' || 'disabled (manual review required)' }} branch: dependency-update-${{ github.run_number }} delete-branch: true labels: | @@ -128,6 +130,7 @@ jobs: automated - name: Enable auto-merge + id: auto_merge if: >- inputs.auto-merge && steps.create_pr.outputs.pull-request-number && @@ -140,3 +143,8 @@ jobs: echo "Enabling auto-merge for PR #${{ steps.create_pr.outputs.pull-request-number }}" gh pr merge ${{ steps.create_pr.outputs.pull-request-number }} \ --auto --merge + + - name: Warn if auto-merge failed + if: steps.auto_merge.outcome == 'failure' + run: | + echo "::warning::Auto-merge could not be enabled. Check that 'Allow auto-merge' is enabled in repository settings." From ff12bceffa59ff2eb1e965dec4904c2020e53a0d Mon Sep 17 00:00:00 2001 From: Toshihiko SHIMOKAWA Date: Fri, 13 Mar 2026 13:11:10 +0900 Subject: [PATCH 04/11] fix: improve auto-merge status message and configurable merge method #22 - Distinguish three auto-merge states in PR body: disabled, skipped (checks failed), and requested - Add merge-method input parameter (merge/squash/rebase) to support repos with different merge policies --- .github/workflows/dependency-update.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index 71670c7..3370fd7 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -33,6 +33,11 @@ on: default: false required: false type: boolean + merge-method: + description: 'Merge method for auto-merge (merge, squash, or rebase)' + default: 'merge' + required: false + type: string permissions: contents: write @@ -122,7 +127,7 @@ jobs: ## Test Results - Tests: ${{ steps.test_run.outcome }} - Format: ${{ steps.format_check.outcome }} - - Auto-merge: ${{ inputs.auto-merge && steps.test_run.outcome == 'success' && steps.format_check.outcome == 'success' && 'requested' || 'disabled (manual review required)' }} + - Auto-merge: ${{ !inputs.auto-merge && 'disabled' || (steps.test_run.outcome != 'success' || steps.format_check.outcome != 'success') && 'skipped (checks failed)' || 'requested' }} branch: dependency-update-${{ github.run_number }} delete-branch: true labels: | @@ -142,7 +147,7 @@ jobs: run: | echo "Enabling auto-merge for PR #${{ steps.create_pr.outputs.pull-request-number }}" gh pr merge ${{ steps.create_pr.outputs.pull-request-number }} \ - --auto --merge + --auto --${{ inputs.merge-method }} - name: Warn if auto-merge failed if: steps.auto_merge.outcome == 'failure' From 7b411c9b0894d3cefb9a174202b37f15b6e6fbff Mon Sep 17 00:00:00 2001 From: Toshihiko SHIMOKAWA Date: Fri, 13 Mar 2026 13:19:52 +0900 Subject: [PATCH 05/11] fix: rename inputs to underscore, validate merge method, add --delete-branch #22 - Rename auto-merge/merge-method to auto_merge/merge_method to avoid hyphen being interpreted as subtraction in GitHub Actions expressions - Add merge method validation step to whitelist merge/squash/rebase and prevent shell injection - Add --delete-branch flag to gh pr merge to clean up branches after auto-merge --- .github/workflows/dependency-update.yml | 30 ++++++++++++++++++------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index 3370fd7..b70f9c0 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -5,7 +5,7 @@ # dependency-update: # uses: smkwlab/.github/.github/workflows/dependency-update.yml@v1 # with: -# auto-merge: true # optional: auto-merge when tests pass +# auto_merge: true # optional: auto-merge when tests pass # secrets: inherit name: Dependency Update (Reusable) @@ -28,12 +28,12 @@ on: default: 30 required: false type: number - auto-merge: + auto_merge: description: 'Enable auto-merge when tests and format pass (requires allow_auto_merge repo setting)' default: false required: false type: boolean - merge-method: + merge_method: description: 'Merge method for auto-merge (merge, squash, or rebase)' default: 'merge' required: false @@ -127,27 +127,41 @@ jobs: ## Test Results - Tests: ${{ steps.test_run.outcome }} - Format: ${{ steps.format_check.outcome }} - - Auto-merge: ${{ !inputs.auto-merge && 'disabled' || (steps.test_run.outcome != 'success' || steps.format_check.outcome != 'success') && 'skipped (checks failed)' || 'requested' }} + - Auto-merge: ${{ !inputs.auto_merge && 'disabled' || (steps.test_run.outcome != 'success' || steps.format_check.outcome != 'success') && 'skipped (checks failed)' || 'requested' }} branch: dependency-update-${{ github.run_number }} delete-branch: true labels: | dependencies automated - - name: Enable auto-merge - id: auto_merge + - name: Validate merge method + id: validate_merge if: >- - inputs.auto-merge && + inputs.auto_merge && steps.create_pr.outputs.pull-request-number && steps.test_run.outcome == 'success' && steps.format_check.outcome == 'success' + run: | + case "${{ inputs.merge_method }}" in + merge|squash|rebase) + echo "method=${{ inputs.merge_method }}" >> "$GITHUB_OUTPUT" + ;; + *) + echo "::error::Invalid merge method: ${{ inputs.merge_method }}. Must be merge, squash, or rebase." + exit 1 + ;; + esac + + - name: Enable auto-merge + id: auto_merge + if: steps.validate_merge.outcome == 'success' continue-on-error: true env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | echo "Enabling auto-merge for PR #${{ steps.create_pr.outputs.pull-request-number }}" gh pr merge ${{ steps.create_pr.outputs.pull-request-number }} \ - --auto --${{ inputs.merge-method }} + --auto --delete-branch --${{ steps.validate_merge.outputs.method }} - name: Warn if auto-merge failed if: steps.auto_merge.outcome == 'failure' From 0adb13dd664975e1fa1e1d17448b12afd3c89085 Mon Sep 17 00:00:00 2001 From: Toshihiko SHIMOKAWA Date: Fri, 13 Mar 2026 16:09:09 +0900 Subject: [PATCH 06/11] fix: document snake_case rationale, improve auto-merge feedback #22 - Add comment explaining why auto_merge/merge_method use snake_case (hyphens interpreted as subtraction in if: expressions) - Fix description to reference actual UI setting name "Allow auto-merge" in repo Settings > General - Change PR body auto-merge status to "pending" instead of "requested" to avoid implying success before the step runs - Add PR comment step to confirm actual auto-merge result (success or failure with detailed error output and troubleshooting guide) - Use env vars instead of direct expression interpolation in shell commands for safer execution --- .github/workflows/dependency-update.yml | 44 ++++++++++++++++++++----- 1 file changed, 36 insertions(+), 8 deletions(-) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index b70f9c0..0122ae8 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -28,8 +28,11 @@ on: default: 30 required: false type: number + # NOTE: snake_case is intentional for auto_merge and merge_method. + # Hyphens in input names are interpreted as subtraction in GitHub Actions + # `if:` expressions (e.g., inputs.auto-merge → inputs.auto minus merge). auto_merge: - description: 'Enable auto-merge when tests and format pass (requires allow_auto_merge repo setting)' + description: 'Enable auto-merge when tests and format pass (requires "Allow auto-merge" in repo Settings > General)' default: false required: false type: boolean @@ -127,7 +130,7 @@ jobs: ## Test Results - Tests: ${{ steps.test_run.outcome }} - Format: ${{ steps.format_check.outcome }} - - Auto-merge: ${{ !inputs.auto_merge && 'disabled' || (steps.test_run.outcome != 'success' || steps.format_check.outcome != 'success') && 'skipped (checks failed)' || 'requested' }} + - Auto-merge: ${{ !inputs.auto_merge && 'disabled' || (steps.test_run.outcome != 'success' || steps.format_check.outcome != 'success') && 'skipped (checks failed)' || 'pending (will be confirmed by workflow)' }} branch: dependency-update-${{ github.run_number }} delete-branch: true labels: | @@ -158,12 +161,37 @@ jobs: continue-on-error: true env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PR_NUMBER: ${{ steps.create_pr.outputs.pull-request-number }} + MERGE_METHOD: ${{ steps.validate_merge.outputs.method }} run: | - echo "Enabling auto-merge for PR #${{ steps.create_pr.outputs.pull-request-number }}" - gh pr merge ${{ steps.create_pr.outputs.pull-request-number }} \ - --auto --delete-branch --${{ steps.validate_merge.outputs.method }} + echo "Enabling auto-merge for PR #${PR_NUMBER}" + gh pr merge "${PR_NUMBER}" \ + --auto --delete-branch "--${MERGE_METHOD}" 2>&1 | tee /tmp/auto-merge-output.txt - - name: Warn if auto-merge failed - if: steps.auto_merge.outcome == 'failure' + - name: Update PR on auto-merge result + if: steps.auto_merge.outcome == 'success' || steps.auto_merge.outcome == 'failure' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + PR_NUMBER: ${{ steps.create_pr.outputs.pull-request-number }} run: | - echo "::warning::Auto-merge could not be enabled. Check that 'Allow auto-merge' is enabled in repository settings." + if [ "${{ steps.auto_merge.outcome }}" = "success" ]; then + gh pr comment "${PR_NUMBER}" --body "Auto-merge has been enabled successfully." + else + ERROR_OUTPUT=$(cat /tmp/auto-merge-output.txt 2>/dev/null || echo "unknown error") + gh pr comment "${PR_NUMBER}" --body "$(cat < General + - The merge method (${MERGE_METHOD:-merge}) is not allowed by repository settings + - Insufficient token permissions + - Branch protection rules are blocking auto-merge + + **Error output:** + \`\`\` + ${ERROR_OUTPUT} + \`\`\` + EOFCOMMENT + )" + echo "::warning::Auto-merge could not be enabled. See PR comment for details." + fi From f5a6d2102fd68568c62258ddc91de824cc274ffe Mon Sep 17 00:00:00 2001 From: Toshihiko SHIMOKAWA Date: Fri, 13 Mar 2026 16:39:54 +0900 Subject: [PATCH 07/11] fix: pipefail, heredoc escaping, env var, and comment clarity #22 - Clarify snake_case comment: explain that kebab-case inputs are safe in with:/interpolation contexts, only if: expressions need snake_case - Add set -o pipefail so gh pr merge failures are not masked by tee - Replace unquoted heredoc with string concatenation to avoid backslash escaping issues in PR comments - Add MERGE_METHOD env var to the result reporting step --- .github/workflows/dependency-update.yml | 34 ++++++++++++------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index 0122ae8..b0dda4e 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -29,8 +29,10 @@ on: required: false type: number # NOTE: snake_case is intentional for auto_merge and merge_method. - # Hyphens in input names are interpreted as subtraction in GitHub Actions - # `if:` expressions (e.g., inputs.auto-merge → inputs.auto minus merge). + # These inputs are used in `if:` expressions where hyphens are parsed + # as the subtraction operator (e.g., inputs.auto-merge → inputs.auto minus merge). + # The existing kebab-case inputs (otp-version, etc.) are only used in + # `with:` / `${{ }}` string interpolation contexts where hyphens are safe. auto_merge: description: 'Enable auto-merge when tests and format pass (requires "Allow auto-merge" in repo Settings > General)' default: false @@ -164,6 +166,7 @@ jobs: PR_NUMBER: ${{ steps.create_pr.outputs.pull-request-number }} MERGE_METHOD: ${{ steps.validate_merge.outputs.method }} run: | + set -o pipefail echo "Enabling auto-merge for PR #${PR_NUMBER}" gh pr merge "${PR_NUMBER}" \ --auto --delete-branch "--${MERGE_METHOD}" 2>&1 | tee /tmp/auto-merge-output.txt @@ -173,25 +176,22 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} PR_NUMBER: ${{ steps.create_pr.outputs.pull-request-number }} + MERGE_METHOD: ${{ steps.validate_merge.outputs.method }} run: | if [ "${{ steps.auto_merge.outcome }}" = "success" ]; then gh pr comment "${PR_NUMBER}" --body "Auto-merge has been enabled successfully." else ERROR_OUTPUT=$(cat /tmp/auto-merge-output.txt 2>/dev/null || echo "unknown error") - gh pr comment "${PR_NUMBER}" --body "$(cat < General - - The merge method (${MERGE_METHOD:-merge}) is not allowed by repository settings - - Insufficient token permissions - - Branch protection rules are blocking auto-merge - - **Error output:** - \`\`\` - ${ERROR_OUTPUT} - \`\`\` - EOFCOMMENT - )" + BODY="⚠️ Auto-merge could not be enabled." + BODY="${BODY}"$'\n\n'"**Possible causes:**" + BODY="${BODY}"$'\n'"- \"Allow auto-merge\" is not enabled in repository Settings > General" + BODY="${BODY}"$'\n'"- The merge method (${MERGE_METHOD}) is not allowed by repository settings" + BODY="${BODY}"$'\n'"- Insufficient token permissions" + BODY="${BODY}"$'\n'"- Branch protection rules are blocking auto-merge" + BODY="${BODY}"$'\n\n'"**Error output:**" + BODY="${BODY}"$'\n'"\`\`\`" + BODY="${BODY}"$'\n'"${ERROR_OUTPUT}" + BODY="${BODY}"$'\n'"\`\`\`" + gh pr comment "${PR_NUMBER}" --body "${BODY}" echo "::warning::Auto-merge could not be enabled. See PR comment for details." fi From f4c7cc9562db57a99fa208b4266d6090ef8c9e1e Mon Sep 17 00:00:00 2001 From: Toshihiko SHIMOKAWA Date: Fri, 13 Mar 2026 17:00:49 +0900 Subject: [PATCH 08/11] fix: extract auto-merge status to separate step, document continue-on-error #22 - Move auto-merge status calculation from inline expression to dedicated step for readability and maintainability - Add comment explaining why continue-on-error is intentional: PR creation is the primary goal, auto-merge failure is reported via PR comment rather than failing the workflow --- .github/workflows/dependency-update.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index b0dda4e..ad62dba 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -116,6 +116,18 @@ jobs: } >> "$GITHUB_ENV" fi + - name: Determine auto-merge status + id: auto_merge_status + if: steps.check_changes.outputs.changes == 'true' + run: | + if [ "${{ inputs.auto_merge }}" != "true" ]; then + echo "label=disabled" >> "$GITHUB_OUTPUT" + elif [ "${{ steps.test_run.outcome }}" != "success" ] || [ "${{ steps.format_check.outcome }}" != "success" ]; then + echo "label=skipped (checks failed)" >> "$GITHUB_OUTPUT" + else + echo "label=pending (will be confirmed by workflow)" >> "$GITHUB_OUTPUT" + fi + - name: Create Pull Request id: create_pr if: steps.check_changes.outputs.changes == 'true' @@ -132,7 +144,7 @@ jobs: ## Test Results - Tests: ${{ steps.test_run.outcome }} - Format: ${{ steps.format_check.outcome }} - - Auto-merge: ${{ !inputs.auto_merge && 'disabled' || (steps.test_run.outcome != 'success' || steps.format_check.outcome != 'success') && 'skipped (checks failed)' || 'pending (will be confirmed by workflow)' }} + - Auto-merge: ${{ steps.auto_merge_status.outputs.label }} branch: dependency-update-${{ github.run_number }} delete-branch: true labels: | @@ -160,6 +172,8 @@ jobs: - name: Enable auto-merge id: auto_merge if: steps.validate_merge.outcome == 'success' + # continue-on-error: PR creation already succeeded; auto-merge failure + # is reported via PR comment, not by failing the entire workflow. continue-on-error: true env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} From a0371759a24dc11c786d52565ca057031b3426eb Mon Sep 17 00:00:00 2001 From: Toshihiko SHIMOKAWA Date: Fri, 13 Mar 2026 17:19:32 +0900 Subject: [PATCH 09/11] fix: use bracket notation for hyphenated output names in expressions #22 - Change steps.create_pr.outputs.pull-request-number to steps.create_pr.outputs['pull-request-number'] in all references - Hyphens in output names are parsed as subtraction in if: expressions --- .github/workflows/dependency-update.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index ad62dba..d9063d5 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -155,7 +155,7 @@ jobs: id: validate_merge if: >- inputs.auto_merge && - steps.create_pr.outputs.pull-request-number && + steps.create_pr.outputs['pull-request-number'] && steps.test_run.outcome == 'success' && steps.format_check.outcome == 'success' run: | @@ -177,7 +177,7 @@ jobs: continue-on-error: true env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PR_NUMBER: ${{ steps.create_pr.outputs.pull-request-number }} + PR_NUMBER: ${{ steps.create_pr.outputs['pull-request-number'] }} MERGE_METHOD: ${{ steps.validate_merge.outputs.method }} run: | set -o pipefail @@ -189,7 +189,7 @@ jobs: if: steps.auto_merge.outcome == 'success' || steps.auto_merge.outcome == 'failure' env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PR_NUMBER: ${{ steps.create_pr.outputs.pull-request-number }} + PR_NUMBER: ${{ steps.create_pr.outputs['pull-request-number'] }} MERGE_METHOD: ${{ steps.validate_merge.outputs.method }} run: | if [ "${{ steps.auto_merge.outcome }}" = "success" ]; then From c0b08fd027ece8f1882f3d3d7f45272622e2689d Mon Sep 17 00:00:00 2001 From: Toshihiko SHIMOKAWA Date: Fri, 13 Mar 2026 18:45:40 +0900 Subject: [PATCH 10/11] fix: move merge method validation before PR creation for early fail #22 - Move validate_merge step before create_pr so invalid merge_method is detected before PR is created - Add "skipped (invalid merge method)" status to auto_merge_status - Enable auto-merge step now checks validate_merge.outcome along with PR number and test results --- .github/workflows/dependency-update.yml | 36 +++++++++++++------------ 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index d9063d5..b239f9c 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -116,12 +116,28 @@ jobs: } >> "$GITHUB_ENV" fi + - name: Validate merge method + id: validate_merge + if: inputs.auto_merge + run: | + case "${{ inputs.merge_method }}" in + merge|squash|rebase) + echo "method=${{ inputs.merge_method }}" >> "$GITHUB_OUTPUT" + ;; + *) + echo "::error::Invalid merge method: ${{ inputs.merge_method }}. Must be merge, squash, or rebase." + exit 1 + ;; + esac + - name: Determine auto-merge status id: auto_merge_status if: steps.check_changes.outputs.changes == 'true' run: | if [ "${{ inputs.auto_merge }}" != "true" ]; then echo "label=disabled" >> "$GITHUB_OUTPUT" + elif [ "${{ steps.validate_merge.outcome }}" = "failure" ]; then + echo "label=skipped (invalid merge method)" >> "$GITHUB_OUTPUT" elif [ "${{ steps.test_run.outcome }}" != "success" ] || [ "${{ steps.format_check.outcome }}" != "success" ]; then echo "label=skipped (checks failed)" >> "$GITHUB_OUTPUT" else @@ -151,27 +167,13 @@ jobs: dependencies automated - - name: Validate merge method - id: validate_merge + - name: Enable auto-merge + id: auto_merge if: >- - inputs.auto_merge && + steps.validate_merge.outcome == 'success' && steps.create_pr.outputs['pull-request-number'] && steps.test_run.outcome == 'success' && steps.format_check.outcome == 'success' - run: | - case "${{ inputs.merge_method }}" in - merge|squash|rebase) - echo "method=${{ inputs.merge_method }}" >> "$GITHUB_OUTPUT" - ;; - *) - echo "::error::Invalid merge method: ${{ inputs.merge_method }}. Must be merge, squash, or rebase." - exit 1 - ;; - esac - - - name: Enable auto-merge - id: auto_merge - if: steps.validate_merge.outcome == 'success' # continue-on-error: PR creation already succeeded; auto-merge failure # is reported via PR comment, not by failing the entire workflow. continue-on-error: true From 06699dafcdf0e6c9e9d8a702e67ffc25ab4dd6ec Mon Sep 17 00:00:00 2001 From: Toshihiko SHIMOKAWA Date: Fri, 13 Mar 2026 19:02:25 +0900 Subject: [PATCH 11/11] fix: allow PR creation even with invalid merge_method, simplify NOTE #22 - Add continue-on-error to validate_merge so invalid merge_method does not block PR creation - Simplify snake_case NOTE to avoid misleading claims about where kebab-case inputs are used --- .github/workflows/dependency-update.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index b239f9c..b82f0c2 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -28,11 +28,9 @@ on: default: 30 required: false type: number - # NOTE: snake_case is intentional for auto_merge and merge_method. - # These inputs are used in `if:` expressions where hyphens are parsed - # as the subtraction operator (e.g., inputs.auto-merge → inputs.auto minus merge). - # The existing kebab-case inputs (otp-version, etc.) are only used in - # `with:` / `${{ }}` string interpolation contexts where hyphens are safe. + # NOTE: snake_case is intentional for auto_merge and merge_method + # because they are used in `if:` expressions where hyphens would be + # parsed as the subtraction operator. auto_merge: description: 'Enable auto-merge when tests and format pass (requires "Allow auto-merge" in repo Settings > General)' default: false @@ -119,6 +117,7 @@ jobs: - name: Validate merge method id: validate_merge if: inputs.auto_merge + continue-on-error: true run: | case "${{ inputs.merge_method }}" in merge|squash|rebase)