Following "Dependabot is moving natively into GitHub!", I had to update my dependabot config files to use version 2 format.
My .dependabot/config.yaml did look like:
version: 1
update_configs:
- package_manager: "python"
directory: "/"
update_schedule: "live"
automerged_updates:
- match:
dependency_type: "all"
update_type: "all"
I've got the following working:
version: 2
updates:
- package-ecosystem: pip
directory: "/"
schedule:
interval: daily
but I can't seem to add the automerge option again (when checking with the dependabot validator)?
Here is one solution that doesn't require any additional marketplace installations (originally found here). Simply create a new GitHub workflow (e.g. .github/workflows/dependabotautomerge.yml) containing:
name: "Dependabot Automerge - Action"
on:
pull_request:
jobs:
worker:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
steps:
- name: automerge
uses: actions/[email protected]
with:
script: |
github.pullRequests.createReview({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
pull_number: context.payload.pull_request.number,
event: 'APPROVE'
})
github.pullRequests.merge({
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
pull_number: context.payload.pull_request.number
})
github-token: ${{github.token}}
There are also various third-party solutions available on GitHub Marketplace.