From fd8ad46f2872c6b42fa509e0b0e90bfbda59c2cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lu=C3=ADs=20Cobucci?= Date: Mon, 1 Feb 2021 14:48:31 +0100 Subject: [PATCH] Switch to native dependabot --- .github/dependabot.yml | 14 ++++++++++++ .github/workflows/merge-bot.yml | 39 +++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/merge-bot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..a21532b8 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,14 @@ +version: 2 +updates: +- package-ecosystem: composer + directory: "/" + schedule: + interval: daily + time: "06:00" + reviewers: + - lcobucci + versioning-strategy: increase + open-pull-requests-limit: 20 + allow: + - dependency-type: all + labels: ["Dependencies"] diff --git a/.github/workflows/merge-bot.yml b/.github/workflows/merge-bot.yml new file mode 100644 index 00000000..66011470 --- /dev/null +++ b/.github/workflows/merge-bot.yml @@ -0,0 +1,39 @@ +name: Merge me! + +on: + check_suite: + types: + - completed + pull_request: + types: + - edited + - labeled + - opened + - ready_for_review + - reopened + - synchronize + - unlabeled + - unlocked + +jobs: + merge-me: + name: Merge me! + runs-on: ubuntu-latest + steps: + - name: Merge me! + uses: ridedott/merge-me-action@v1 + with: + # Depending on branch protection rules, a manually populated + # `GITHUB_TOKEN_WORKAROUND` environment variable with permissions to + # push to a protected branch must be used. This variable can have an + # arbitrary name, as an example, this repository uses + # `GITHUB_TOKEN_DOTTBOTT`. + # + # When using a custom token, it is recommended to leave the following + # comment for other developers to be aware of the reasoning behind it: + # + # This must be used as GitHub Actions token does not support + # pushing to protected branches. + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_LOGIN: dependabot[bot] + MERGE_METHOD: MERGE