chore(github-actions): update auto-merge workflow for Dependabot PRs

miguelpeixe · miguelpeixe · commit 0ea0e3691da6 · 2026-02-20T11:08:08.000-03:00
- Adjusted conditions to trigger auto-merge only for Dependabot.
- Added steps to fetch Dependabot metadata and enable auto-merge for minor and patch updates.
- Updated GitHub token usage for improved security.
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
@@ -1,18 +1,25 @@
 on:
   pull_request_target:
-    types: [labeled]
 
 name: Dependabot auto-merge
 jobs:
   auto-merge:
     name: Auto-merge dependabot PRs for minor and patch updates
     runs-on: ubuntu-latest
-    if: |
-      contains( github.event.pull_request.labels.*.name, 'dependencies' )
-      && ! contains( github.event.pull_request.labels.*.name, '[Status] Approved' )
+    if: github.actor == 'dependabot[bot]'
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
-      - uses: actions/checkout@v2
-      - uses: ahmadnassri/action-dependabot-auto-merge@v2
+      - name: Fetch Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
         with:
-          target: minor # includes patch updates.
-          github-token: ${{ secrets.DEPENDABOT_TOKEN }}
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Enable auto-merge for minor and patch updates
+        if: steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.DEPENDABOT_TOKEN }}
