Automatic merging of Dependabot generated Pull Request with codeowners file and branch protection rule?
I have created a workflow for GitHub Actions as described here: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions

    name: Dependabot auto-approve
    # pull_request_target runs in the context of the base branch with a
    # write-capable GITHUB_TOKEN; this workflow only runs gh commands and
    # never checks out the pull request's code.
    on: pull_request_target
    
    permissions:
      contents: write
      pull-requests: write
    
    jobs:
      dependabot:
        runs-on: ubuntu-latest
        # Only act on pull requests opened by Dependabot itself.
        if: ${{ github.actor == 'dependabot[bot]' }}
        steps:

          - name: Approve a PR
            run: gh pr review --approve "$PR_URL"
            env:
              PR_URL: ${{github.event.pull_request.html_url}}
              # gh reads its credential from GITHUB_TOKEN
              GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

          - name: Enable auto-merge for Dependabot PRs
            run: gh pr merge --auto --merge "$PR_URL"
            env:
              PR_URL: ${{github.event.pull_request.html_url}}
              # The documentation incorrectly forgets `GITHUB_TOKEN` here.
              GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

The above automation works, but I have a branch protection rule that requires a review from the Code Owners.

Is there a way to include github-actions in the CODEOWNERS file so that its approval is counted?

Lim answered 11/1, 2022 at 10:2 Comment(1)
Is the behavior the same using a PAT from a codeowner account instead of the GITHUB_TOKEN? – Inch

As of right now, a GitHub App cannot be added to CODEOWNERS, as quoted here:

Thank you for being here! Currently, GitHub Apps can’t be used in CODEOWNERS – that’s not supported. It’s something the team is considering for the future, and I’ll be sure to add your use case to the internal feature request.

However, what you can do is use a GitHub personal access token generated by yourself, as explained in the documentation here, then add it as a secret and use it in your workflow. See the GitHub Documentation.

The last step of your action would then reference your self-defined secret. In the example below, I assume it's called MYTOKEN.

          - name: Enable auto-merge for Dependabot PRs
            run: gh pr merge --auto --merge "$PR_URL"
            env:
              PR_URL: ${{github.event.pull_request.html_url}}
              # Personal access token of a code-owner account, stored as the
              # repository secret MYTOKEN; gh picks it up from GITHUB_TOKEN.
              GITHUB_TOKEN: ${{secrets.MYTOKEN}}

With this approach, a merge would be done as your user, who is - I assume - part of the CODEOWNERS.

Skiff answered 20/1, 2022 at 8:54 Comment(0)
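The answer above shows only the merge step. As an added example (not code from the question, the answer, or GitHub's documentation), here is the complete workflow with the code-owner token used for the review step as well as the merge, because a "Require review from Code Owners" rule is satisfied by a review from a code owner, and auto-merge only fires once that rule is met. It keeps the answer's secret name MYTOKEN and assumes it holds a fine-grained personal access token of an account listed in CODEOWNERS, limited to this one repository with Contents: write and Pull requests: write. It also goes beyond the page in one respect: it uses dependabot/fetch-metadata (the action the linked docs describe) to auto-merge only patch-level version updates, leaving larger bumps for a human.

```yaml
name: Dependabot auto-approve and auto-merge

# pull_request_target runs on the base branch with write-capable tokens.
# Never check out or execute the pull request's code in this workflow:
# a step that did so with MYTOKEN in its environment would hand a
# code-owner's PAT to whatever the PR branch contains.
on: pull_request_target

permissions:
  contents: write
  pull-requests: write

jobs:
  dependabot:
    runs-on: ubuntu-latest
    # Only act on pull requests opened by Dependabot itself.
    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
      - name: Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@v1
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"

      # The review is what a "Require review from Code Owners" rule checks,
      # so it must be submitted with the code-owner account's token rather
      # than the github-actions token. Dependabot is the PR author, so the
      # token's owner is allowed to approve it.
      - name: Approve as a code owner
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          # Assumption: MYTOKEN is a fine-grained PAT of a CODEOWNERS account,
          # scoped to this repository with Contents: write and
          # Pull requests: write. gh reads it from GITHUB_TOKEN.
          GITHUB_TOKEN: ${{ secrets.MYTOKEN }}

      # Only patch-level version updates merge on their own; minor and major
      # bumps still wait for a person. (This guard is an addition beyond the
      # original answer.)
      - name: Enable auto-merge for patch updates
        if: ${{ steps.metadata.outputs.update-type == 'version-update:semver-patch' }}
        run: gh pr merge --auto --merge "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GITHUB_TOKEN: ${{ secrets.MYTOKEN }}
```

The review counts as a code-owner review only if the token's account (or a team it belongs to) matches the changed paths in CODEOWNERS; if the rule also requires more than one approval, auto-merge simply waits for the rest. Treat the PAT as a standing credential for that account: prefer a fine-grained token over a classic one, since the classic `repo` scope covers every repository the account can reach, and rotate it like any other secret.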

© 2022 - 2024 — McMap. All rights reserved.