dependabot.yml

name: dependabot-auto-merge
on:
  pull_request:
    types:
      - opened
      - reopened

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code 👋
        uses: actions/checkout@v4
      - name: Check and merge ⛙
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.QWY_SYNC_BOT_TOKEN }}
          script: |
            const { repo: { owner, repo } } = context;
            const pr = context.payload.pull_request;

            if (pr.user.login !== 'dependabot[bot]') {
              console.log('Not Dependabot pull request');
              return;
            }

            console.log(`Merging pull request: ${pr.html_url}`);
            await github.rest.pulls.merge({
              owner, repo,
              pull_number: pr.number,
              merge_method: "squash",
            });
            await github.rest.git.deleteRef({
                owner,
                repo,
                ref: `heads/${pr.head.ref}`,