I mainly use this action for below use-case when they should run after multiple CI workflows
- Deploy to Firebase/Vercel/Netlify
- Release with GitHub releasing
- Auto approve and merge dependabot PRs without PAT(Personal Access Token)
- Auto approve and merge renovatebot PRs without
platformAutomergefeature
- Assume test jobs defined in another workflow
- Assume 1 workflow file defines 2 jobs with this action, it needs to avoid deadlocks with
skip-listorskip-same-workflowoption
name: Merge bot PR after CI
on: pull_request
permissions:
contents: write
pull-requests: write
# checks: read # For private repositories
# actions: read # For private repositories
jobs:
dependabot:
runs-on: ubuntu-24.04
if: ${{ github.actor == 'dependabot[bot]' }}
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@0fb21704c18a42ce5aa8d720ea4b912f5e6babef # v2.0.0
- name: Wait other jobs
if: ${{steps.metadata.outputs.update-type != 'version-update:semver-major'}}
uses: kachick/[email protected]
timeout-minutes: 10
with:
skip-same-workflow: 'true'
- name: Approve and merge
if: ${{steps.metadata.outputs.update-type != 'version-update:semver-major'}}
run: gh pr review --approve "$PR_URL" && gh pr merge --auto --squash --delete-branch "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
renovate:
runs-on: ubuntu-24.04
if: ${{ github.actor == 'renovate[bot]' }}
steps:
- name: Wait other jobs
uses: kachick/[email protected]
timeout-minutes: 10
with:
skip-same-workflow: 'true'
- name: Approve and merge
run: gh pr review --approve "$PR_URL" && gh pr merge --auto --squash --delete-branch "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}I used a way to comment @dependabot merge in past. This is simple to ensure CI passed.
However it requires PAT(Personal Access Token).
PAT could't be reduced the permission scope to repository.
And it requires annoy steps to generate, sets and maintains tokens even if refined with beta version.
This action provides another way. It checks other workflows/jobs statuses in actions with GITHUB_TOKEN.
If you use GITHUB_TOKEN as above, make sure two options are enabled
https://github.com/OWNER/REPO/settings => Allow auto-merge
How to enable with gh CLI
gh repo edit --enable-auto-mergehttps://github.com/OWNER/REPO/settings/actions => Allow GitHub Actions to create and approve pull requests
How to enable with gh CLI
gh api \
--method PUT \
-H "Accept: application/vnd.github+json" \
-H "X-GitHub-Api-Version: 2022-11-28" \
'/repos/{owner}/{repo}/actions/permissions/workflow' \
-F can_approve_pull_request_reviews=trueSee GitHub Blog for further detail.
- Above merging logics are written in GitHub official docs. However GITHUB_TOKEN merged commit does not trigger new workflows even if defined as "push". So the badges will not be shown in commit history of default branch :<
automerge is slow. platformAutomerge requires many repository settings.
When you feel no issues around that, do not need to migrate to this action.
It requires many changes in repository settings around Allow auto-merge, Require status checks to pass before merging and specify the checked workflow name.
Especially specifying mandatory CI names in all personal repositories are annoy task to me.
If we are talking only about organizations, hashicorp/terraform might resolve it easier.