From f2e6876bf48a39877528d686fb45279a64e18442 Mon Sep 17 00:00:00 2001 From: rbetree Date: Thu, 2 Apr 2026 12:52:23 +0800 Subject: [PATCH] =?UTF-8?q?ci(dependabot):=20=E9=85=8D=E7=BD=AE=E4=BE=9D?= =?UTF-8?q?=E8=B5=96=E8=87=AA=E5=8A=A8=E6=9B=B4=E6=96=B0=E5=92=8C=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E5=90=88=E5=B9=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/dependabot.yml | 58 +++++++++++++++++++++ .github/workflows/dependabot-auto-merge.yml | 40 ++++++++++++++ 2 files changed, 98 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/dependabot-auto-merge.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..fd887b5 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,58 @@ +version: 2 + +updates: + - package-ecosystem: npm + directory: / + target-branch: main + schedule: + interval: weekly + day: monday + time: '09:00' + timezone: Asia/Shanghai + open-pull-requests-limit: 10 + labels: + - dependencies + - npm + commit-message: + prefix: chore + include: scope + groups: + security-updates: + applies-to: security-updates + patterns: + - '*' + npm-minor-patch: + applies-to: version-updates + patterns: + - '*' + update-types: + - minor + - patch + + - package-ecosystem: github-actions + directory: / + target-branch: main + schedule: + interval: weekly + day: monday + time: '09:15' + timezone: Asia/Shanghai + open-pull-requests-limit: 10 + labels: + - dependencies + - github-actions + commit-message: + prefix: ci + include: scope + groups: + security-updates: + applies-to: security-updates + patterns: + - '*' + github-actions-minor-patch: + applies-to: version-updates + patterns: + - '*' + update-types: + - minor + - patch diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 0000000..7d2cf31 --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yml @@ -0,0 +1,40 @@ +name: Dependabot Auto Merge + +on: + pull_request: + types: + - opened + - synchronize + - reopened + +permissions: + contents: write + pull-requests: write + +concurrency: + group: dependabot-auto-merge-${{ github.event.pull_request.number }} + cancel-in-progress: true + +jobs: + auto_merge: + if: github.event.pull_request.user.login == 'dependabot[bot]' + runs-on: ubuntu-latest + steps: + - name: Fetch Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Enable auto-merge for patch and minor updates + if: | + steps.metadata.outputs.update-type == 'version-update:semver-patch' || + steps.metadata.outputs.update-type == 'version-update:semver-minor' + run: gh pr merge --auto --merge "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Keep major updates for manual review + if: steps.metadata.outputs.update-type == 'version-update:semver-major' + run: echo "Major version update detected. Auto-merge is intentionally disabled."