Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 27 additions & 0 deletions .github/workflows/automerge.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
name: Dependabot auto-merge

# Per-repo caller. Drop into .github/workflows/ of each consuming repo.
# It runs on every PR but the reusable only acts on Dependabot PRs.
#
# The permissions block here MUST grant contents+pull-requests write: a called
# workflow's effective GITHUB_TOKEN permissions are capped by the caller's.
# GITHUB_TOKEN is passed to the reusable automatically (no `secrets: inherit`).
#
# Pin the reusable to a released tag of ci-workflows. v13 is the first tag that
# contains it. Dependabot's github-actions ecosystem will open PRs bumping this
# ref as new tags are cut — which the auto-merge this enables will then land.

on:
pull_request:

permissions:
contents: write
pull-requests: write

jobs:
auto-merge:
if: github.actor == 'dependabot[bot]'
uses: WeMoveEU/ci-workflows/.github/workflows/dependabot-auto-merge.yml@v13
# Override defaults if desired, e.g. patch-only for runtime-heavy repos:
# with:
# allowed-update-types: "version-update:semver-patch"
20 changes: 20 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
name: CI

# PR gate for ci-workflows. The repo only holds reusable (workflow_call)
# workflows, which can't meaningfully self-run on a PR, so the gate is
# actionlint over the workflow files. The job is named `ci` so it produces a
# status check named "ci" — the exact context the org ruleset requires.

on:
pull_request:

permissions:
contents: read

jobs:
ci:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: actionlint
uses: raven-actions/actionlint@v2
Loading