"Merge on approval" on GitHub-native Dependabot

[ylemkimon]

"Treat PR approval as a request to merge" setting was available on Dependabot dashboard but it isn't possible to configure in .github/dependabot.yml.

[localheinz]

Perhaps related to github/roadmap#107?

I currently work around the lack of automatic merges by creating a bot user and applying the following job (see https://github.com/ergebnis/php-library-template/blob/main/.github/workflows/integrate.yaml#L384-L478):

  merge:
    name: "Merge"

    runs-on: "ubuntu-latest"

    needs:
      - "code-coverage"
      - "coding-standards"
      - "dependency-analysis"
      - "mutation-tests"
      - "static-code-analysis"
      - "tests"

    if: >
      github.event_name == 'pull_request' &&
      github.event.pull_request.draft == false && (
        github.event.action == 'opened' ||
        github.event.action == 'reopened' ||
        github.event.action == 'synchronize'
      ) && (
        (github.actor == 'dependabot[bot]' && startsWith(github.event.pull_request.title, 'composer(deps-dev)')) ||
        (github.actor == 'dependabot[bot]' && startsWith(github.event.pull_request.title, 'github-actions(deps)')) ||
        (github.actor == 'ergebnis-bot' && github.event.pull_request.title == 'Enhancement: Update license year') ||
        (github.actor == 'localheinz' && contains(github.event.pull_request.labels.*.name, 'merge'))
      )
    steps:
      - name: "Request review from @ergebnis-bot"
        uses: "actions/github-script@v2.0.0"
        with:
          github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
          script: |
            const pullRequest = context.payload.pull_request
            const repository = context.repo
            const reviewers = [
              "ergebnis-bot",
            ]
            await github.pulls.createReviewRequest({
              owner: repository.owner,
              pull_number: pullRequest.number,
              repo: repository.repo,
              reviewers: reviewers,
            })

      - name: "Assign @ergebnis-bot"
        uses: "actions/github-script@v2.0.0"
        with:
          github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
          script: |
            const pullRequest = context.payload.pull_request
            const repository = context.repo
            const reviewers = [
              "ergebnis-bot",
            ]
            await github.issues.addAssignees({
              assignees: reviewers,
              issue_number: pullRequest.number,
              owner: repository.owner,
              repo: repository.repo,
            })

      - name: "Approve pull request"
        uses: "actions/github-script@v2.0.0"
        if: "github.actor != 'ergebnis-bot'"
        with:
          github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
          script: |
            const pullRequest = context.payload.pull_request
            const repository = context.repo
            await github.pulls.createReview({
              event: "APPROVE",
              owner: repository.owner,
              pull_number: pullRequest.number,
              repo: repository.repo,
            })

      - name: "Merge pull request"
        uses: "actions/github-script@v2.0.0"
        with:
          github-token: "${{ secrets.ERGEBNIS_BOT_TOKEN }}"
          script: |
            const pullRequest = context.payload.pull_request
            const repository = context.repo
            await github.pulls.merge({
              merge_method: "merge",
              owner: repository.owner,
              pull_number: pullRequest.number,
              repo: repository.repo,
            })

[ylemkimon]

@localheinz Actually it's slightly different from github/roadmap#107, as this doesn't merge without manual intervention. This requires user's explicit approval.

[chdsbd]

If you want your dependency updates to be merged after approval, you could setup an automerge bot as described here: #1973 (comment)

Once you approve the dependabot PR the bot would merge it, assuming all your status checks are passing.

[mwaddell]

Is this relevant to this task as well?

In case anyone stumbles across this issue.
The official GitHub Docs now document a process for Dependabot auto merge here.

Sadly, it looks like the fetch-metadata-action is not getting a lot of attention.

Originally posted by @dihmandrake in #1973 (comment)

[ylemkimon]

This can be achieved with the auto-merge.

[slifty]

This can be achieved with the auto-merge.

Just to clarify -- is it possible to configure auto-merge to ONLY apply to dependabot?

We have a developer flow where the person opening a PR clicks the merge button (after approval).
I'd love for dependabot to auto-merge after approval (as the entity that opened the PR), but we don't want our human PRs to auto-merge after approval.

[BoscoDomingo]

This can be achieved with the auto-merge.

Just to clarify -- is it possible to configure auto-merge to ONLY apply to dependabot?

We have a developer flow where the person opening a PR clicks the merge button (after approval). I'd love for dependabot to auto-merge after approval (as the entity that opened the PR), but we don't want our human PRs to auto-merge after approval.

This. I want Dependabot to work like any other person in my team: if you're assigned to the PR, you know when to merge. First step is passing all checks and receiving approval(s), but then you decide when to merge. Dependabot has the "@dependabot merge" command, but you must manually type it every time, which is more work than simply clicking merge yourself.
Thus, I have tried automating that comment with another bot, see if that way the moment a Dependabot PR is approved, Dependabot itself merges it if possible. I haven't tried it yet, but leaving this for posterity in case someone else runs into this issue as a possible solution

EDIT: Nope. @dependabot merge attempts to merge it immediately, so if no approval is present, it fails. At that point, simply merge it via a GitHub Action when the PR is approved which makes more sense.

[mwaddell]

@BoscoDomingo Can you just use https://github.com/marketplace/actions/enable-automerge-action ?

[BoscoDomingo]

@BoscoDomingo Can you just use https://github.com/marketplace/actions/enable-automerge-action ?

@mwaddell Uhmmm, yes sir, it would seem like a perfect fit! How that did not pop up as the very first result when Googling this issue blows my mind... I'll try it out and see if it works, thanks!!