mirror of
https://github.com/anchore/syft
synced 2024-11-10 06:14:16 +00:00
c816c73341
To reduce toil in this repo, enable dependabot PRs to be automatically approved, but not merged. They are not automatically merged because if the default GitHub token is used to automatically merge a PR, the resulting commit will not trigger workflows on main. Rather than generate a more potent token, just automatically review them, which reduces toil by eliminating several clicks and page loads for maintainers who are trying to merge dependabot PRs. Signed-off-by: Will Murphy <will.murphy@anchore.com>
10 lines
177 B
YAML
10 lines
177 B
YAML
name: Dependabot Automation
|
|
on:
|
|
pull_request:
|
|
|
|
permissions:
|
|
pull-requests: write
|
|
|
|
jobs:
|
|
run:
|
|
uses: anchore/workflows/.github/workflows/dependabot-automation.yaml@main
|