Skip to content

Bump github/codeql-action/init from 4.36.2 to 4.36.3 #13

Bump github/codeql-action/init from 4.36.2 to 4.36.3

Bump github/codeql-action/init from 4.36.2 to 4.36.3 #13

name: Auto-merge Dependabot PRs
# pull_request_target is required so we can approve/merge with the elevated
# GITHUB_TOKEN. We never check out PR code, and the if: filter on
# github.event.pull_request.user.login is server-enforced and cannot be spoofed.
on: # zizmor: ignore[dangerous-triggers]
pull_request_target:
types: [opened, reopened]
permissions:
contents: write
pull-requests: write
jobs:
auto-merge:
runs-on: ubuntu-latest
if: github.event.pull_request.user.login == 'dependabot[bot]'
steps:
- uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3
id: metadata
- name: Approve and auto-merge trusted dependencies
if: |
startsWith(steps.metadata.outputs.dependency-names, 'actions/') ||
startsWith(steps.metadata.outputs.dependency-names, 'github/')
run: |
gh pr review "$PR_URL" --approve
gh pr merge "$PR_URL" --auto --squash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_URL: ${{ github.event.pull_request.html_url }}