From 0d0cd021d8f2e537882e3fff1c05c0b94e2e382f Mon Sep 17 00:00:00 2001 From: saptarshimandal1 Date: Fri, 6 Mar 2026 12:10:32 +0000 Subject: [PATCH 1/2] Added dependabot automation --- .github/dependabot.yml | 26 +++++++++++++++ .github/workflows/dependabot-auto-merge.yml | 37 +++++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/dependabot-auto-merge.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..3a01d87 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,26 @@ +version: 2 +updates: + + # --------------------------- + # Python (Poetry via pip) + # --------------------------- + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "daily" + target-branch: "main" + labels: ["dependencies", "python", "poetry"] + open-pull-requests-limit: 10 + ignore: + - dependency-name: "*" + update-types: ["version-update:semver-major"] + + # --------------------------- + # GitHub Actions + # --------------------------- + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + target-branch: "main" + labels: ["dependencies", "github-actions"] \ No newline at end of file diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 0000000..5db4df6 --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yml @@ -0,0 +1,37 @@ +name: Dependabot auto-merge + +on: + pull_request_target: + types: [opened, reopened, synchronize, ready_for_review] + +permissions: + contents: write + pull-requests: write + +jobs: + automerge: + name: Auto-merge Dependabot patch updates + runs-on: ubuntu-latest + + # Only run on Dependabot PRs + if: github.event.pull_request.user.login == 'dependabot[bot]' + + steps: + - name: Fetch Dependabot metadata + id: meta + uses: dependabot/fetch-metadata@v2 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Approve PR + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Auto-merge patch updates only + if: steps.meta.outputs.update-type == 'version-update:semver-patch' + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From ba2017d3cfb55cbff6e3e9683d7aad28489a9211 Mon Sep 17 00:00:00 2001 From: saptarshimandal1 Date: Fri, 6 Mar 2026 12:12:50 +0000 Subject: [PATCH 2/2] Added dependabot automation --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index a88e66b..8986ca9 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [tool.poetry] name = "proxygen-cli" -version = "3.0.1" +version = "3.0.2" description = "CLI for interacting with NHSD APIM's proxygen service" authors = ["Ben Strutt "] readme = "README.md"