Skip to content

Add workflow to auto-merge Dependabot PRs when tests pass #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
uknownothingsnow wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Add workflow to auto-merge Dependabot PRs when tests pass #16

uknownothingsnow wants to merge 1 commit into from

Conversation

@uknownothingsnow
Copy link
Owner

@uknownothingsnow uknownothingsnow commented Jun 13, 2025

Purpose

This PR adds GitHub Actions workflows to automatically merge Dependabot pull requests when tests are passing, reducing manual maintenance overhead while maintaining code quality.

What's Added

Auto-Merge Workflow (dependabot-auto-merge.yml)

  • Triggers only on Dependabot PRs
  • Runs full build and test suite
  • Auto-merges patch/minor updates when tests pass
  • Requires manual review for major version updates

CI Workflow (ci.yml)

  • Runs on all PRs and pushes to main/master
  • Ensures consistent build and test execution
  • Provides quality gate for all changes

Dependabot Config (dependabot.yml)

  • Weekly Gradle dependency updates
  • Weekly GitHub Actions updates
  • Proper labeling and reviewer assignment

How It Works

  1. Dependabot creates PR for dependency update
  2. CI workflow runs build + tests automatically
  3. Auto-merge workflow (Dependabot PRs only):
    • ✅ Merges if tests pass + patch/minor update
    • ⚠️ Comments + requires review for major updates
    • ❌ Takes no action if tests fail

Safety Features

  • Only processes dependabot[bot] PRs
  • Requires all CI checks to pass
  • Conservative approach for major version changes
  • Uses GitHub's native auto-merge functionality
  • Graceful handling of missing test suites

Benefits

  • 🔒 Automated security updates
  • ⚡ Reduced manual maintenance
  • 🛡️ Only safe changes auto-merge
  • 📊 Clear CI status visibility

Compatibility

  • Uses JDK 8 for Android project compatibility
  • Handles older Gradle versions gracefully
  • Includes fallbacks for missing test configurations
  • No changes to existing build process

The implementation prioritizes safety - it will only auto-merge when there's high confidence the changes won't break anything.

@uknownothingsnow can click here to continue refining the PR

@openhands-agent
Add GitHub Actions for Dependabot auto-merge and CI
c5b6be4 
- Add Dependabot auto-merge workflow that merges PRs when tests pass
- Only auto-merge patch and minor version updates
- Require manual review for major version updates
- Add general CI workflow for all pull requests
- Add Dependabot configuration for Gradle and GitHub Actions dependencies
- Configure weekly dependency update schedule
@openhands-ai
Copy link

openhands-ai bot commented Jun 13, 2025

Looks like there are a few issues preventing this PR from being merged!

  • GitHub Actions are failing:
    • CI
    • CI
    • CI
    • CI
    • CI

If you'd like me to help, just leave a comment, like

@OpenHands please fix the failing actions on PR #16

Feel free to include any additional details that might help me get this PR into a better state.

You can manage your notification settings

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@uknownothingsnow @openhands-agent