You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/code-security/tutorials/secure-your-dependencies/automating-dependabot-with-github-actions.md
-16Lines changed: 0 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -51,8 +51,6 @@ Most automation requires you to know information about the contents of the pull
51
51
52
52
Example:
53
53
54
-
{% raw %}
55
-
56
54
```yaml copy
57
55
{% data reusables.actions.actions-not-certified-by-github-comment %}
58
56
name: Dependabot fetch metadata
@@ -78,8 +76,6 @@ jobs:
78
76
# - steps.metadata.outputs.update-type
79
77
```
80
78
81
-
{% endraw %}
82
-
83
79
For more information, see the [`dependabot/fetch-metadata`](https://github.com/dependabot/fetch-metadata) repository.
84
80
85
81
## Labeling a pull request
@@ -88,8 +84,6 @@ If you have other automation or triage workflows based on {% data variables.prod
88
84
89
85
Example that flags all production dependency updates with a label:
90
86
91
-
{% raw %}
92
-
93
87
```yaml copy
94
88
{% data reusables.actions.actions-not-certified-by-github-comment %}
95
89
name: Dependabot auto-label
@@ -116,16 +110,12 @@ jobs:
116
110
PR_URL: ${{github.event.pull_request.html_url}}
117
111
```
118
112
119
-
{% endraw %}
120
-
121
113
## Automatically approving a pull request
122
114
123
115
You can automatically approve {% data variables.product.prodname_dependabot %} pull requests by using the {% data variables.product.prodname_cli %} in a workflow.
124
116
125
117
Example:
126
118
127
-
{% raw %}
128
-
129
119
```yaml copy
130
120
{% data reusables.actions.actions-not-certified-by-github-comment %}
131
121
name: Dependabot auto-approve
@@ -151,8 +141,6 @@ jobs:
151
141
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
152
142
```
153
143
154
-
{% endraw %}
155
-
156
144
## Enabling automerge on a pull request
157
145
158
146
If you want to allow maintainers to mark certain pull requests for automerge, you can use {% data variables.product.prodname_dotcom %}'s automerge functionality. This enables the pull request to be merged when any tests and approvals required by the branch protection rules are successfully met.
@@ -161,8 +149,6 @@ For more information, see [AUTOTITLE](/pull-requests/collaborating-with-pull-req
161
149
162
150
You can instead use {% data variables.product.prodname_actions %} and the {% data variables.product.prodname_cli %}. Here is an example that automerges all patch updates to `my-dependency`:
163
151
164
-
{% raw %}
165
-
166
152
```yaml copy
167
153
{% data reusables.actions.actions-not-certified-by-github-comment %}
168
154
name: Dependabot auto-merge
@@ -190,8 +176,6 @@ jobs:
190
176
GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
191
177
```
192
178
193
-
{% endraw %}
194
-
195
179
> [!NOTE]
196
180
> If you use status checks to test pull requests, you should enable **Require status checks to pass before merging** for the target branch for {% data variables.product.prodname_dependabot %} pull requests. This branch protection rule ensures that pull requests are not merged unless **all the required status checks pass**. For more information, see [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/managing-a-branch-protection-rule).
0 commit comments