From d6a78d9b99eafff2f0018361a330bca2d59d5ba0 Mon Sep 17 00:00:00 2001 From: Joseph Villafranca Date: Thu, 23 Apr 2026 10:31:41 -0500 Subject: [PATCH 1/4] Adding dependabot autoappoval/merge --- .github/CODEOWNERS | 8 +++++- .github/dependabot.yml | 14 ++++++---- .github/workflows/dependabot-automation.yaml | 29 ++++++++++++++++++++ 3 files changed, 44 insertions(+), 7 deletions(-) create mode 100644 .github/workflows/dependabot-automation.yaml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 6a6a920..9477fc6 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1,7 @@ -* @wpengine/mario \ No newline at end of file +* @wpengine/mario + +# Dependency files: both the bot and the team are code owners for these paths +package.json @pe-domino-bot @wpengine/mario +package-lock.json @pe-domino-bot @wpengine/mario +Dockerfile @pe-domino-bot @wpengine/mario +docker-compose.yml @pe-domino-bot @wpengine/mario \ No newline at end of file diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3f90009..c4f3b0f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,13 +4,15 @@ updates: directory: "/" schedule: interval: "daily" + ignore: + - dependency-name: "*" + update-types: ["version-update:semver-major"] open-pull-requests-limit: 10 - reviewers: - - "wpengine/mario" - package-ecosystem: "npm" - directory: "/" + directory: "/assets" schedule: interval: "daily" - open-pull-requests-limit: 10 - reviewers: - - "wpengine/mario" + ignore: + - dependency-name: "*" + update-types: ["version-update:semver-major"] + open-pull-requests-limit: 10 \ No newline at end of file diff --git a/.github/workflows/dependabot-automation.yaml b/.github/workflows/dependabot-automation.yaml new file mode 100644 index 0000000..5f27898 --- /dev/null +++ b/.github/workflows/dependabot-automation.yaml @@ -0,0 +1,29 @@ +name: Dependabot Automation +on: pull_request + +permissions: + contents: write + pull-requests: write + +jobs: + dependabot: + runs-on: ubuntu-latest + if: ${{github.actor == 'dependabot[bot]'}} + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0 + with: + github-token: "${{secrets.GITHUB_TOKEN}}" + - name: Approve PR + if: ${{steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'}} + env: + PR_URL: ${{github.event.pull_request.html_url}} + GH_TOKEN: ${{secrets.BOT_APPROVAL_TOKEN}} + run: gh pr review --approve "$PR_URL" + - name: Enable auto-merge + if: ${{steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'}} + env: + PR_URL: ${{github.event.pull_request.html_url}} + GH_TOKEN: ${{secrets.BOT_APPROVAL_TOKEN}} + run: gh pr merge --auto --squash "$PR_URL" From 0095ce4234b4cea81e17eb898e1cd4836ff5a83d Mon Sep 17 00:00:00 2001 From: Joseph Villafranca Date: Mon, 27 Apr 2026 09:57:53 -0500 Subject: [PATCH 2/4] address dir path and remove docker compose file from codeowners --- .github/CODEOWNERS | 1 - .github/dependabot.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 9477fc6..e050575 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -4,4 +4,3 @@ package.json @pe-domino-bot @wpengine/mario package-lock.json @pe-domino-bot @wpengine/mario Dockerfile @pe-domino-bot @wpengine/mario -docker-compose.yml @pe-domino-bot @wpengine/mario \ No newline at end of file diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c4f3b0f..03c2afa 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,7 +9,7 @@ updates: update-types: ["version-update:semver-major"] open-pull-requests-limit: 10 - package-ecosystem: "npm" - directory: "/assets" + directory: "/" schedule: interval: "daily" ignore: From b2da53c5b3f8203676ae5d74b6075655e5774abe Mon Sep 17 00:00:00 2001 From: Joseph Villafranca Date: Mon, 27 Apr 2026 13:41:07 -0500 Subject: [PATCH 3/4] adding github actions ecosystem --- .github/dependabot.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 03c2afa..b6a1553 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,6 +8,13 @@ updates: - dependency-name: "*" update-types: ["version-update:semver-major"] open-pull-requests-limit: 10 + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + ignore: + - dependency-name: "*" + update-types: ["version-update:semver-major"] - package-ecosystem: "npm" directory: "/" schedule: @@ -15,4 +22,5 @@ updates: ignore: - dependency-name: "*" update-types: ["version-update:semver-major"] - open-pull-requests-limit: 10 \ No newline at end of file + open-pull-requests-limit: 10 + \ No newline at end of file From 7e91efb06a7d3f25009435f31ce55c5fcd173734 Mon Sep 17 00:00:00 2001 From: Michael Day Date: Mon, 27 Apr 2026 16:20:51 -0500 Subject: [PATCH 4/4] fix trailing newline, add open-pull-requests-limit to github-actions ecosystem, add workflow paths to CODEOWNERS for bot approval --- .github/CODEOWNERS | 2 ++ .github/dependabot.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index e050575..da2c087 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -4,3 +4,5 @@ package.json @pe-domino-bot @wpengine/mario package-lock.json @pe-domino-bot @wpengine/mario Dockerfile @pe-domino-bot @wpengine/mario +.github/workflows/*.yml @pe-domino-bot @wpengine/mario +.github/workflows/*.yaml @pe-domino-bot @wpengine/mario diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b6a1553..6325eae 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -15,6 +15,7 @@ updates: ignore: - dependency-name: "*" update-types: ["version-update:semver-major"] + open-pull-requests-limit: 10 - package-ecosystem: "npm" directory: "/" schedule: @@ -23,4 +24,3 @@ updates: - dependency-name: "*" update-types: ["version-update:semver-major"] open-pull-requests-limit: 10 - \ No newline at end of file