Configure Dependabot and CI-gated auto-merge for dependency updates by qqrm · Pull Request #62 · qqrm/rust-switcher

qqrm · 2026-02-18T15:58:31Z

Summary

added .github/dependabot.yml to enable weekly dependency update PRs for:
- Rust crates (cargo ecosystem)
- GitHub Actions (github-actions ecosystem)
configured labels and commit prefixes for easier triage (dependencies, rust, ci)
grouped all Rust dependency bumps into a single Dependabot PR (rust-dependencies) to reduce PR noise
added .github/workflows/dependabot-auto-merge.yml to automatically enable squash auto-merge for Dependabot PRs

Dependabot will regularly scan and open update PRs for Cargo and Actions dependencies.
For Dependabot PRs, GitHub will set auto-merge and wait until required CI checks pass.
Merge happens only after CI gates are green and branch protection requirements are satisfied.

Auto-merge relies on repository/branch protections and required status checks being configured in GitHub settings.
The workflow uses pull_request_target with an actor check (dependabot[bot]) and does not check out or execute PR code.

ci: configure dependabot updates and auto-merge

207da87

qqrm added the codex label Feb 18, 2026 — with ChatGPT Codex Connector

qqrm closed this Feb 18, 2026