Integrate dependabot-automerge workflow into CI #14

Draft: leynos wants to merge 1 commit into main from terragon/add-dependabot-automerge-4ce79e

leynos (Owner) commented Jan 16, 2026

Summary

  • Adds a dependabot-automerge job to CI to automatically merge Dependabot PRs after successful checks
  • Reuses the shared automerge workflow to centralize automerge logic

Changes

CI Configuration

  • Introduced a new job dependabot-automerge in .github/workflows/ci.yml

  • Job only runs when the actor is the Dependabot bot: if: ${{ github.actor == 'dependabot[bot]' }}

  • Permissions granted:

    • contents: write
    • pull-requests: write
    • checks: read
    • statuses: read
  • Uses the shared automerge workflow:

    uses: leynos/shared-actions/.github/workflows/dependabot-automerge.yml@235d2d07b9a321364a742310873f6732d7228e72

Behavior

  • The automerge job handles merging Dependabot PRs once required checks pass, reducing manual intervention for dependency updates

Test plan

  • Dependabot PRs trigger the automerge workflow
  • Verify automerge occurs after all required checks pass
  • Ensure non-Dependabot PRs are unaffected
  • Confirm proper permissions (contents, pull-requests, checks, statuses) are set and logged

🌿 Generated by Terry


📎 Task: https://www.terragonlabs.com/task/d4b73e3c-3910-453e-8681-91f0455ab3d5

Summary by Sourcery

CI:

  • Add a dependabot-automerge reusable workflow job that runs only for Dependabot PRs with appropriate write and read permissions.

Introduce a new job in the GitHub Actions workflow to automatically merge Dependabot PRs when possible. This job runs only when the actor is Dependabot and sets the appropriate permissions for contents, pull requests, checks, and statuses.

Co-authored-by: terragon-labs[bot] <terragon-labs[bot]@users.noreply.github.com>
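
An added example, not part of the PR or of the shared-actions project: a small review check over the job as the summary above describes it. The dict is transcribed from the PR description; `audit_job`, `ALLOWED_WRITE` and the rule that the guard should also name the PR author are assumptions of this example.

```python
import re

# Job as described in the PR summary, transcribed into a dict (constructed input).
PR_JOB = {
    "if": "${{ github.actor == 'dependabot[bot]' }}",
    "permissions": {"contents": "write", "pull-requests": "write",
                    "checks": "read", "statuses": "read"},
    "uses": "leynos/shared-actions/.github/workflows/dependabot-automerge.yml"
            "@235d2d07b9a321364a742310873f6732d7228e72",
}

FULL_SHA = re.compile(r"@[0-9a-f]{40}$")
# Assumption: the only write scopes an automerge job should hold.
ALLOWED_WRITE = {"contents", "pull-requests"}


def audit_job(job):
    """Return review findings for a job that calls a reusable workflow."""
    findings = []
    # A full commit SHA cannot be repointed; a tag or branch ref can.
    if not FULL_SHA.search(job.get("uses", "")):
        findings.append("uses: ref is not a full commit SHA")
    perms = job.get("permissions")
    if not isinstance(perms, dict):
        # Missing block or a blanket value such as write-all.
        findings.append("permissions: not an explicit per-scope map")
    else:
        extra = sorted(scope for scope, level in perms.items()
                       if level == "write" and scope not in ALLOWED_WRITE)
        if extra:
            findings.append("permissions: unexpected write scopes: " + ", ".join(extra))
    cond = job.get("if", "")
    if "dependabot[bot]" not in cond:
        findings.append("if: job is not restricted to Dependabot")
    elif "pull_request.user.login" not in cond:
        # github.actor is whoever triggered the run, not necessarily the PR author.
        findings.append("if: gates on github.actor only; PR author "
                        "(github.event.pull_request.user.login) is not checked")
    return findings


if __name__ == "__main__":
    for line in audit_job(PR_JOB) or ["no findings"]:
        print(line)
```

Run against the job as described, the SHA pin and the permission map pass and the only finding is the actor-only guard.
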
coderabbitai Bot commented Jan 16, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

sourcery-ai Bot commented Jan 16, 2026

Reviewer's Guide

Adds a Dependabot-specific automerge job to the CI workflow that delegates to a shared reusable workflow, scoped to run only for Dependabot PRs with appropriate write/read permissions.

Sequence diagram for Dependabot PR automerge workflow

sequenceDiagram
  actor Dependabot_bot
  participant GitHub as GitHub_Repo
  participant CI as CI_Workflow_ci_yml
  participant GA as GitHub_Actions_Runner
  participant SA as Shared_Automerge_Workflow

  Dependabot_bot->>GitHub: Create_or_update_Dependency_PR
  GitHub-->>CI: Trigger_CI_on_PR_event

  CI->>GA: Start_job_build_test
  GA->>GA: Run_tests_and_other_checks
  GA-->>GitHub: Report_checks_and_statuses

  Note over CI,GA: GitHub_actor == dependabot_bot
  CI->>GA: Start_job_dependabot_automerge
  GA->>SA: Reuse_workflow_dependabot_automerge_yaml

  SA->>GitHub: Read_checks_and_statuses
  SA->>GitHub: Verify_required_checks_passed
  SA->>GitHub: Merge_PR_using_contents_write_and_pull_requests_write
  GitHub-->>Dependabot_bot: PR_merged_notification

Flow diagram for CI workflow with Dependabot-specific automerge job

flowchart TD
  A[PR_opened_or_updated] --> B{Actor_is_dependabot_bot}

  B -->|no| C[Run_build_test_job]
  C --> D[Report_checks_statuses]
  D --> E[Wait_for_manual_merge]

  B -->|yes| C
  D --> F[Start_dependabot_automerge_job]
  F --> G[Call_shared_dependabot_automerge_workflow]
  G --> H{All_required_checks_pass}
  H -->|no| I[Leave_PR_open]
  H -->|yes| J[Merge_PR_automatically]

File-Level Changes

Change: Add a Dependabot-only automerge job to the CI workflow that reuses a shared automerge workflow with the necessary permissions.

Details:
  • Introduce a new dependabot-automerge job in the main CI workflow configuration.
  • Restrict execution of the job using an if condition that checks the GitHub actor is dependabot[bot].
  • Grant the job write permissions to repository contents and pull requests, and read permissions to checks and commit statuses.
  • Configure the job to use the shared dependabot-automerge reusable workflow pinned to a specific commit SHA.

Files: .github/workflows/ci.yml
