syft/.github/workflows/dependabot-automation.yaml
William Murphy c816c73341
chore: enable automatic approval of dependabot PRs (#2505)
To reduce toil in this repo, enable dependabot PRs to be automatically
approved, but not merged. They are not automatically merged because if
the default GitHub token is used to automatically merge a PR, the
resulting commit will not trigger workflows on main. Rather than
generate a more potent token, just automatically review them, which
reduces toil by eliminating several clicks and page loads for
maintainers who are trying to merge dependabot PRs.

Signed-off-by: Will Murphy <will.murphy@anchore.com>
2024-01-18 08:35:23 -05:00

10 lines
177 B
YAML

name: Dependabot Automation
on:
pull_request:
permissions:
pull-requests: write
jobs:
run:
uses: anchore/workflows/.github/workflows/dependabot-automation.yaml@main