Skip to content

ci: run Dependabot auto-merge in the release environment#1289

Merged
dunglas merged 1 commit into
mainfrom
ci/auto-merge-release-env
Jun 29, 2026
Merged

ci: run Dependabot auto-merge in the release environment#1289
dunglas merged 1 commit into
mainfrom
ci/auto-merge-release-env

Conversation

@dunglas

@dunglas dunglas commented Jun 29, 2026

Copy link
Copy Markdown
Owner

Follow-up to #1288.

RELEASE_APP_ID (variable) and RELEASE_APP_PRIVATE_KEY (secret) are scoped to the release environment. The auto-merge job declared a placeholder dependabot environment, so vars.RELEASE_APP_ID resolved empty and create-github-app-token failed with "The 'client-id' (or deprecated 'app-id') input must be set to a non-empty string". Point the job at release (no protection rules, so auto-merge stays unattended) to reach the credentials, which also satisfies zizmor secrets-outside-env.

RELEASE_APP_ID and RELEASE_APP_PRIVATE_KEY are scoped to the release
environment, so the auto-merge job must declare it to resolve the app
credentials (the placeholder `dependabot` environment left app-id empty).
Copilot AI review requested due to automatic review settings June 29, 2026 13:47

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes the Dependabot auto-merge workflow by running the auto-merge job in the release GitHub Actions environment so it can access environment-scoped credentials (vars.RELEASE_APP_ID and secrets.RELEASE_APP_PRIVATE_KEY) needed to mint the GitHub App token used for enabling auto-merge.

Changes:

  • Switch the Dependabot auto-merge job environment from a placeholder (dependabot) to the real credentials-bearing environment (release).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@dunglas dunglas merged commit a0a32d1 into main Jun 29, 2026
45 checks passed
@dunglas dunglas deleted the ci/auto-merge-release-env branch June 29, 2026 13:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants