Skip to content

Integrate gitStream with Dependabot

Approve and Merge Dependabot Changes

Auto-merge Dependabot PRs

Required gitStream Plugins

This example requires you to install the extractDependabotVersionBump and compareSemver plugins.

Learn more about gitStream plugins.

Configuration Description

Conditions (all must be true):

  • The PR author is Dependabot.
  • The branch name includes 'dependabot'
  • The dependency change is a patch or minor update.

Automation Actions:

  • Approve the PR
  • Apply an approved-dependabot label to the PR
  • Merge the PR if all status checks pass.

Configuration Example

manifest:
  version: 1.0

automations:
  merge_dependabot_minor:
    if:
      - {{ bump == 'minor' }}
      - {{ branch.name | includes(term="dependabot") }}
      - {{ branch.author | includes(term="dependabot") }}
    run:
      - action: approve@v1
      - action: add-comment@v1
        args:
          comment: |
            Dependabot `minor` version bumps are approved automatically.
  merge_dependabot_minor_patch:
    if:
      - {{ bump == 'patch' }}
      - {{ branch.name | includes(term="dependabot") }}
      - {{ branch.author | includes(term="dependabot") }}
    run:
      - action: approve@v1
      - action: merge@v1
      - action: add-comment@v1
        args:
          comment: |
            Dependabot `patch` version bumps are approved and merged automatically.

bump: {{ pr.description | extractDependabotVersionBump | compareSemver }}

Configuration Description

Conditions (all must be true):

  • The PR author is Dependabot.
  • The branch name includes 'dependabot'

Automation Actions:

  • Approve the PR
  • Apply an approved-dependabot label to the PR
  • Merge the PR if all status checks pass.

Configuration Example

# -*- mode: yaml -*-

manifest:
  version: 1.0

automations:
  approve_dependabot:
    if:
      - {{ branch.name | includes(term="dependabot") }}
      - {{ branch.author | includes(term="dependabot") }}
    run:
      - action: approve@v1
      - action: add-label@v1
        args:
          label: "approved-dependabot"
      - action: merge@v1
        args:
          wait_for_all_checks: true
          squash_on_merge: true

Additional Resources

gitStream is a workflow automation tool that enables you to use YAML configuration files to optimize your code review process. Add context to PRs, find code experts for reviews, and automate the merge process to maximize developer productivity.

Learn More about how gitStream Works.

More Automations can be found on the Automation Library and Integrations pages.