Skip to content

Add GitHub Actions for Dependabot auto-merge and CI #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
uknownothingsnow wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Add GitHub Actions for Dependabot auto-merge and CI #12

uknownothingsnow wants to merge 1 commit into from

Conversation

@uknownothingsnow
Copy link
Owner

@uknownothingsnow uknownothingsnow commented Jun 13, 2025

This PR adds automated dependency management and continuous integration to the repository.

What's Added

🤖 Dependabot Auto-Merge Workflow

  • File: .github/workflows/dependabot-auto-merge.yml
  • Automatically merges Dependabot pull requests when tests pass
  • Safety features:
    • Only auto-merges patch and minor version updates
    • Requires manual review for major version updates
    • Runs full build and test suite before merging
    • Uses GitHub's built-in auto-merge feature for safety

🔄 Continuous Integration Workflow

  • File: .github/workflows/ci.yml
  • Runs on all pull requests and pushes to main/master
  • Builds the project and runs available tests
  • Provides feedback on code quality for all contributors

📦 Dependabot Configuration

  • File: .github/dependabot.yml
  • Enables automatic dependency updates for:
    • Gradle dependencies (weekly on Mondays)
    • GitHub Actions (weekly on Mondays)
  • Configured with appropriate labels and reviewers
  • Limits concurrent PRs to prevent spam

How It Works

  1. Dependabot creates PRs for dependency updates weekly
  2. CI workflow automatically runs tests on the PR
  3. Auto-merge workflow (only for Dependabot PRs):
    • ✅ Auto-merges if tests pass and it's a patch/minor update
    • ⚠️ Comments and requires manual review for major updates
    • 🛑 Does nothing if tests fail

Benefits

  • 🔒 Security: Keeps dependencies up-to-date automatically
  • Efficiency: Reduces manual work for routine updates
  • 🛡️ Safety: Only merges when tests pass and changes are low-risk
  • 📊 Visibility: Clear CI status on all pull requests

Compatibility

  • Uses JDK 8 to match the project's current setup
  • Handles older Gradle versions gracefully
  • Includes fallbacks for missing test tasks
  • Works with the existing project structure

The workflows are designed to be safe and conservative - they will only auto-merge when it's clearly safe to do so.

@uknownothingsnow can click here to continue refining the PR

@openhands-agent
Add GitHub Actions for Dependabot auto-merge and CI
c5b6be4 
- Add Dependabot auto-merge workflow that merges PRs when tests pass
- Only auto-merge patch and minor version updates
- Require manual review for major version updates
- Add general CI workflow for all pull requests
- Add Dependabot configuration for Gradle and GitHub Actions dependencies
- Configure weekly dependency update schedule
@openhands-ai
Copy link

openhands-ai bot commented Jun 13, 2025

Looks like there are a few issues preventing this PR from being merged!

  • GitHub Actions are failing:
    • CI

If you'd like me to help, just leave a comment, like

@OpenHands please fix the failing actions on PR #12

Feel free to include any additional details that might help me get this PR into a better state.

You can manage your notification settings

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@uknownothingsnow @openhands-agent