I have created Workflow for GitHub Actions as described here: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions
name: Dependabot auto-approve
on: pull_request_target
permissions:
contents: write
pull-requests: write
jobs:
dependabot:
runs-on: ubuntu-latest
if: ${{ github.actor == 'dependabot[bot]' }}
steps:
- name: Approve a PR
run: gh pr review --approve "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
- name: Enable auto-merge for Dependabot PRs
run: gh pr merge --auto --merge "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
# The documentation incorrectly forgets `GITHUB_TOKEN` here.
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
Above automation works, but I have a Branch protection rule that requires review from the Code Owners.
Is there a way to include github-actions
to the CODEOWNERS file in order to make its approval counted?
As of right now, a GitHub app cannot be added to CODEOWNERS as quoted here.
However, what you can do, is to use a GitHub personal access token generated by yourself as explained in the documentation here, then add it as a secret and use it in your workflow. See the GitHub Documentation .
The last step of your action would then reference your self-defined secret. In the below example, I assume it's called
MYTOKEN
With this approach, a merge would be done as your user, who is - I assume - part of the CODEOWNERS.