Modernize automerge workflow to match cli-web-* template #10

Open
opened 2026-05-23 20:55:40 +00:00 by coilysiren · 0 comments

Originally filed by @coilysiren on 2026-05-15T01:42:52Z - https://github.com/coilysiren/website/issues/1375

Problem - .github/workflows/automerge.yml is the older shape: dependabot/fetch-metadata@v1, on: pull_request, no patch/minor filter. Newer repos (cli-web-docs, cli-web-ops) ship dependabot-auto-merge.yml with the v2 metadata action, pull_request_target trigger, and a version-update:semver-patch || semver-minor gate.

Why it matters - the v1 fetch-metadata action is deprecated. The pull_request_target trigger lets the workflow run with write permissions on first-time-contributor PRs, which matters once dependabot's token scoping tightens. The patch/minor filter prevents unattended major-version merges.

Acceptance

  • Replace automerge.yml with the dependabot-auto-merge.yml from cli-web-docs/.github/workflows/dependabot-auto-merge.yml verbatim (or near-verbatim).
  • Delete the old automerge.yml in the same commit.
  • Confirm a dependabot PR (next patch bump that lands) auto-merges as expected.
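
The workflow shape the issue describes, as an added example: this is not the cli-web-docs file and not code from the issue, and the workflow name, job name and squash merge method are assumptions. Because `pull_request_target` runs with the base repository's token, the sketch never checks out the PR's code and only runs for PRs authored by `dependabot[bot]`.

```yaml
# Illustrative .github/workflows/dependabot-auto-merge.yml (added example;
# names and merge method are assumptions, not the cli-web-docs file).
name: Dependabot auto-merge

# Runs in the context of the base branch, so the token can have write scope.
on: pull_request_target

# Grant only what enabling auto-merge needs.
permissions:
  contents: write
  pull-requests: write

jobs:
  dependabot:
    runs-on: ubuntu-latest
    # Gate on the PR author, so no other contributor's PR reaches the write token.
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    steps:
      # No actions/checkout step: PR-controlled code is never fetched or executed.
      - name: Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@v2
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

      # Patch and minor bumps only; major updates stay open for manual review.
      - name: Enable auto-merge for patch and minor updates
        if: >-
          steps.metadata.outputs.update-type == 'version-update:semver-patch' ||
          steps.metadata.outputs.update-type == 'version-update:semver-minor'
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

`gh pr merge --auto` only queues the merge, so branch protection and required status checks still decide whether the PR lands.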
coilysiren added P3 and removed P2 labels 2026-05-30 17:20:48 +00:00
coilysiren added P4 and removed P3 labels 2026-05-31 07:01:34 +00:00