Skip to content

Chore: [AEA-0000] - add dependabot approve schedule #19

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
anthony-nhs merged 1 commit into from
Apr 20, 2026
Merged

Chore: [AEA-0000] - add dependabot approve schedule #19

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions .github/workflows/auto_approve_dependabot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
name: Auto-approve dependency updates

on:
workflow_dispatch:
schedule:
- cron: '*/30 * * * *'
Copy link

Copilot AI Apr 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The scheduled trigger runs every 30 minutes, which will consume runner minutes and GitHub API calls even when there are no Dependabot PRs to approve. Consider reducing the cadence (e.g., hourly/daily) or adding logic to skip quickly when there is nothing to do, to avoid unnecessary operational load.

Suggested change
- cron: '*/30 * * * *'
- cron: '0 * * * *'

Copilot uses AI. Check for mistakes.

Comment on lines +1 to +7
Copy link

Copilot AI Apr 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR title/description says "add Dependabot schedule", but the repo already has scheduled Dependabot updates in .github/dependabot.yml. This workflow instead schedules an auto-approve/auto-merge job; please update the PR title/description to match the actual change (or clarify what schedule is being added).

Copilot uses AI. Check for mistakes.
permissions: {}
jobs:
auto-approve-dependabot:
runs-on: ubuntu-22.04
environment: create_pull_request
permissions:
contents: write
pull-requests: write
steps:
- name: Auto approve and enable auto-merge
uses: NHSDigital/eps-dependabot-approve@da0503449b218ccd99bc547e242007d5514e4d2f
with:
AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}
87 changes: 37 additions & 50 deletions .github/workflows/pull_request.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,54 +1,41 @@
name: pull_request

on:
pull_request:
branches: [ main ]
pull_request:
branches: [main]
permissions: {}
Comment on lines 1 to 5
Copy link

Copilot AI Apr 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The indentation/formatting in this workflow (2-space nesting, [main]) is inconsistent with other workflows in this repo (e.g., .github/workflows/ci.yml and release.yml use 4-space nesting and [ main ]). Consider keeping formatting consistent to reduce noisy diffs and make workflows easier to scan side-by-side.

Copilot uses AI. Check for mistakes.
jobs:
get_config_values:
uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
permissions:
attestations: "read"
contents: "read"
packages: "read"
with:
verify_published_from_main_image: false

dependabot-auto-approve-and-merge:
uses: NHSDigital/eps-common-workflows/.github/workflows/dependabot-auto-approve-and-merge.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
permissions:
contents: "write"
pull-requests: "write"
secrets:
AUTOMERGE_APP_ID: ${{ secrets.AUTOMERGE_APP_ID }}
AUTOMERGE_PEM: ${{ secrets.AUTOMERGE_PEM }}

quality_checks:
uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
needs: [ get_config_values ]
permissions:
contents: "read"
packages: "read"
id-token: "write"
with:
pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
secrets:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

pr_title_format_check:
uses: NHSDigital/eps-common-workflows/.github/workflows/pr_title_check.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
permissions:
pull-requests: "write"

tag_release:
needs: [ get_config_values ]
uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
permissions:
id-token: "write"
contents: "write"
packages: "write"
with:
dry_run: true
pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
branch_name: ${{ github.event.pull_request.head.ref }}
tag_format: ${{ needs.get_config_values.outputs.tag_format }}
get_config_values:
uses: NHSDigital/eps-common-workflows/.github/workflows/get-repo-config.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
permissions:
attestations: "read"
contents: "read"
packages: "read"
with:
verify_published_from_main_image: false
quality_checks:
uses: NHSDigital/eps-common-workflows/.github/workflows/quality-checks-devcontainer.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
needs: [get_config_values]
permissions:
contents: "read"
packages: "read"
id-token: "write"
with:
pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
secrets:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
pr_title_format_check:
uses: NHSDigital/eps-common-workflows/.github/workflows/pr_title_check.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
permissions:
pull-requests: "write"
tag_release:
needs: [get_config_values]
uses: NHSDigital/eps-common-workflows/.github/workflows/tag-release-devcontainer.yml@8b259f4f2d2b8ff1345fb0d2f9b9f0fbb9d19845
permissions:
id-token: "write"
contents: "write"
packages: "write"
with:
dry_run: true
pinned_image: ${{ needs.get_config_values.outputs.pinned_image }}
branch_name: ${{ github.event.pull_request.head.ref }}
tag_format: ${{ needs.get_config_values.outputs.tag_format }}