ci: auto-merge dependency update PRs#141
Open
Mic92 wants to merge 3 commits into
Open
Conversation
Dependency bumps and contributions had no automated signal before
landing. Run the standard Rust checks on every PR and push to main so
breakage surfaces before merge. Clippy is non-blocking until the
existing lints are cleaned up.
Repo setup (for an agent with admin `gh` access, REPO=<owner>/<repo>):
# allow PRs to use auto-merge
gh api -X PATCH "repos/$REPO" -f allow_auto_merge=true
# require the `test` check on the default branch via a ruleset
# (integration_id 15368 = GitHub Actions, actor_id 5 = repo admin bypass)
gh api -X POST "repos/$REPO/rulesets" --input - <<'JSON'
{
"name": "main",
"target": "branch",
"enforcement": "active",
"conditions": { "ref_name": { "include": ["~DEFAULT_BRANCH"], "exclude": [] } },
"bypass_actors": [
{ "actor_id": 5, "actor_type": "RepositoryRole", "bypass_mode": "always" }
],
"rules": [
{ "type": "deletion" },
{ "type": "non_fast_forward" },
{ "type": "required_status_checks",
"parameters": {
"strict_required_status_checks_policy": false,
"required_status_checks": [
{ "context": "test", "integration_id": 15368 }
]
}
}
]
}
JSON
Keep dependencies and flake inputs current without manual lockfile maintenance. Updates are grouped per ecosystem so the weekly churn arrives as a handful of PRs rather than one per crate or input.
Dependabot PRs otherwise pile up and require manual approval for routine bumps. Let Mic92/auto-merge enable auto-merge so they land once required checks pass, keeping the lockfiles current without maintainer round-trips.
ae2f049 to
c6d1726
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Stacked on #140 and the Dependabot PR.
This makes the Dependabot PRs merge themselves once the
testcheck from #140 is green, so routine bumps don't need a maintainer round-trip. I tested the whole pipeline on my fork — see Mic92#2 for a real run where Dependabot opened the nix flake bump, this workflow enabled auto-merge, and it landed after CI passed. Needsallow_auto_mergeenabled on the repo (see #140).