Skip to content

ci: auto-merge dependency update PRs#141

Open
Mic92 wants to merge 3 commits into
raine:mainfrom
Mic92:ci/auto-merge
Open

ci: auto-merge dependency update PRs#141
Mic92 wants to merge 3 commits into
raine:mainfrom
Mic92:ci/auto-merge

Conversation

@Mic92

@Mic92 Mic92 commented Apr 21, 2026

Copy link
Copy Markdown
Contributor

Stacked on #140 and the Dependabot PR.

This makes the Dependabot PRs merge themselves once the test check from #140 is green, so routine bumps don't need a maintainer round-trip. I tested the whole pipeline on my fork — see Mic92#2 for a real run where Dependabot opened the nix flake bump, this workflow enabled auto-merge, and it landed after CI passed. Needs allow_auto_merge enabled on the repo (see #140).

Mic92 added 3 commits April 21, 2026 10:11
Dependency bumps and contributions had no automated signal before
landing. Run the standard Rust checks on every PR and push to main so
breakage surfaces before merge. Clippy is non-blocking until the
existing lints are cleaned up.

Repo setup (for an agent with admin `gh` access, REPO=<owner>/<repo>):

  # allow PRs to use auto-merge
  gh api -X PATCH "repos/$REPO" -f allow_auto_merge=true

  # require the `test` check on the default branch via a ruleset
  # (integration_id 15368 = GitHub Actions, actor_id 5 = repo admin bypass)
  gh api -X POST "repos/$REPO/rulesets" --input - <<'JSON'
  {
    "name": "main",
    "target": "branch",
    "enforcement": "active",
    "conditions": { "ref_name": { "include": ["~DEFAULT_BRANCH"], "exclude": [] } },
    "bypass_actors": [
      { "actor_id": 5, "actor_type": "RepositoryRole", "bypass_mode": "always" }
    ],
    "rules": [
      { "type": "deletion" },
      { "type": "non_fast_forward" },
      { "type": "required_status_checks",
        "parameters": {
          "strict_required_status_checks_policy": false,
          "required_status_checks": [
            { "context": "test", "integration_id": 15368 }
          ]
        }
      }
    ]
  }
  JSON
Keep dependencies and flake inputs current without manual lockfile
maintenance. Updates are grouped per ecosystem so the weekly churn
arrives as a handful of PRs rather than one per crate or input.
Dependabot PRs otherwise pile up and require manual approval for
routine bumps. Let Mic92/auto-merge enable auto-merge so they land
once required checks pass, keeping the lockfiles current without
maintainer round-trips.
@raine raine force-pushed the main branch 3 times, most recently from ae2f049 to c6d1726 Compare May 3, 2026 07:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant