I’ve recently been using a combination of GitHub apps to automate the approval and merging of Dependabot pull requests, but wanted to simplify this into a GitHub workflow, using branch protection and GitHub’s auto merge feature.

The GitHub workflow looks something like:

name: Dependabot
on: pull_request

permissions:
  contents: write

jobs:
  dependabot:
    runs-on: ubuntu-latest
    if: ${{ github.actor == 'dependabot[bot]' }}
    env:
      PR_URL: ${{github.event.pull_request.html_url}}
      GITHUB_TOKEN: ${{secrets.MY_PA_TOKEN}}
    steps:
      - name: approve
        run: gh pr review --approve "$PR_URL"
      - name: merge
        run: gh pr merge --auto --squash --delete-branch "$PR_URL"

❗ Warning : I wouldn’t implement this without branch protection and required status checks.

And it works! 🎉

The pull request now looks like the following:

Automating DependaBot pull request approval and merging

Once I had this implemented and pushed to all the repositories, I just need to tell Dependabot to rebase all pull requests.

It would be fairly easy to add a check for labels on the pull request, and only gh approve if the label was present, but I really didn’t have a use case for this right now because I feel confident in the required status checks.