Skip to content

Streamline dependabot workflow #2527

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
joelhawksley merged 11 commits into from
Jan 12, 2026
Merged

Streamline dependabot workflow #2527

joelhawksley merged 11 commits into from
Jan 12, 2026
+38 −4

Conversation

@joelhawksley
Copy link
Member

@joelhawksley joelhawksley commented Jan 8, 2026

What are you trying to accomplish?

This PR streamlines the dependabot workflow significantly by:

  1. Not requiring a changelog on gemfile.lock-only PRs, enabling them to pass CI on their own.
  2. Auto-approving and auto-merging dependabot PRs.
  3. Running dependabot daily.

@joelhawksley joelhawksley requested a review from Copilot January 8, 2026 22:38
Copilot AI reviewed Jan 8, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR streamlines the dependabot workflow by exempting Gemfile.lock-only changes from changelog requirements, implementing automatic approval and merging of dependabot PRs, and increasing the update frequency from weekly to daily.

Key changes:

  • Modified changelog check to skip requirement when only Gemfile.lock files are changed
  • Added new workflow to automatically approve and merge dependabot PRs
  • Changed dependabot schedule from weekly to daily for both root and docs directories

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File Description
docs/CHANGELOG.md Documents the new auto-merge functionality for dependabot PRs
.github/workflows/lint.yml Updates changelog validation to exclude Gemfile.lock-only changes from requiring a changelog entry
.github/workflows/dependabot-auto-merge.yml New workflow that automatically approves and enables auto-merge for dependabot PRs
.github/dependabot.yml Increases update frequency from weekly to daily for dependency updates
Comments suppressed due to low confidence (1)

.github/workflows/dependabot-auto-merge.yml:28

  • The workflow auto-merges all dependabot PRs regardless of update type (major, minor, or patch). Major version updates can introduce breaking changes that might not be caught by automated tests. Consider using the metadata from the 'Dependabot metadata' step to conditionally auto-merge only patch and minor updates, requiring manual review for major version updates. You can access the update type via 'steps.metadata.outputs.update-type'.
      - name: Enable auto-merge for Dependabot PRs
        run: gh pr merge --auto --merge "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@joelhawksley joelhawksley merged commit 13de693 into main Jan 12, 2026
17 of 18 checks passed
@joelhawksley joelhawksley deleted the dependabot-automerge branch January 12, 2026 15:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@BlakeWilliams BlakeWilliams BlakeWilliams approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@joelhawksley @BlakeWilliams