You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+25-8Lines changed: 25 additions & 8 deletions
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ This action automatically approves and merges dependabot PRs.
6
6
7
7
### `github-token`
8
8
9
-
**Required** A GitHub token.
9
+
**Required** A GitHub token. See below for additional information.
10
10
11
11
### `exclude`
12
12
@@ -26,6 +26,8 @@ _Optional_ An arbitrary message that you'd like to comment on the PR after it ge
26
26
27
27
## Example usage
28
28
29
+
### Basic example
30
+
29
31
```yml
30
32
name: CI
31
33
on: [push, pull_request]
@@ -45,13 +47,7 @@ jobs:
45
47
github-token: ${{secrets.GITHUB_TOKEN}}
46
48
```
47
49
48
-
**Note**
49
-
50
-
- The GitHub token is automatically provided by Github Actions, which we access using `secrets.GITHUB_TOKEN` and supply to the action as an input `github-token`.
51
-
- This action must be used in the context of a Pull Request. If the workflow can be triggered by other events (e.g. push), make sure to include `github.event_name == 'pull_request'` in the action conditions, as shown in the example.
52
-
- Make sure to use `needs: <jobs>` to delay the auto-merging until CI checks (test/build) are passed.
53
-
54
-
## With `exclude`
50
+
### With `exclude`
55
51
56
52
```yml
57
53
steps:
@@ -61,3 +57,24 @@ steps:
61
57
github-token: ${{secrets.github_token}}
62
58
exclude: ['react']
63
59
```
60
+
61
+
## Notes
62
+
63
+
- A GitHub token is automatically provided by Github Actions, which can be accessed using `secrets.GITHUB_TOKEN` and supplied to the action as an input `github-token`.
64
+
- Only the [GitHub native Dependabot integration](https://docs.github.com/en/github/administering-a-repository/keeping-your-dependencies-updated-automatically) is supported, the old [Dependabot Preview app](https://github.com/marketplace/dependabot-preview) isn't.
65
+
- This action must be used in the context of a Pull Request. If the workflow can be triggered by other events (e.g. push), make sure to include `github.event_name == 'pull_request'` in the action conditions, as shown in the example.
66
+
- Make sure to use `needs: <jobs>` to delay the auto-merging until CI checks (test/build) are passed.
67
+
- If you want to use GitHub's [auto-merge](https://docs.github.com/en/github/collaborating-with-issues-and-pull-requests/automatically-merging-a-pull-request) feature but still use this action to approve Pull Requests without merging, use `approve-only: true`.
68
+
69
+
## Limitations
70
+
71
+
One known limitation of using a GitHub action with the built-in GitHub Token to automatically merge Pull Requests is that the result of the merge will not trigger a workflow run.
72
+
73
+
What this means in practice is that after this action merges a Pull Request, no workflows are run on the commit made to the target branch.
74
+
75
+
This is a known behavior described in the [documentation](https://docs.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token) which prevents triggering of recursive workflow runs.
76
+
77
+
Alternative options are:
78
+
79
+
- use a personal access token, as described in the documentation
80
+
- use this action only for approving and using GitHub's auto-merge to merge Pull Requests
0 commit comments