From d28c441c7448ef49422d47284d0f60e6e7aad9d9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Mar 2026 10:07:54 +0000 Subject: [PATCH 1/2] build(deps): bump actions/checkout from 3 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yaml | 2 +- .github/workflows/release.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ae15b92..cb2b3cf 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -32,7 +32,7 @@ jobs: coverage: none - name: Checkout code - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d4e9300..11c18e0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ jobs: ini-values: phar.readonly=0 - name: Checkout Code - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false From 2191464e58092b59757994015864566994cb96a6 Mon Sep 17 00:00:00 2001 From: David Buchmann Date: Mon, 16 Mar 2026 11:13:28 +0100 Subject: [PATCH 2/2] fix dependabot automerge --- .github/workflows/ci.yaml | 18 ++++++++++++- .github/workflows/dependabot-automerge.yml | 30 ---------------------- 2 files changed, 17 insertions(+), 31 deletions(-) delete mode 100644 .github/workflows/dependabot-automerge.yml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index cb2b3cf..d11d0d1 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -13,7 +13,7 @@ concurrency: cancel-in-progress: true jobs: - latest: + tests: name: PHP ${{ matrix.php }} runs-on: ubuntu-latest strategy: @@ -38,3 +38,19 @@ jobs: - name: Execute tests run: make phpcs + + dependabot-automerge: + name: Auto-merge Dependabot PRs + needs: tests # only on successful tests + runs-on: ubuntu-latest + + permissions: + pull-requests: write # needed so dependabot can approve + contents: write # needed so dependabot can merge + + steps: + - name: Auto-merge Dependabot PRs + uses: fastify/github-action-merge-dependabot@1b2ed42db8f9d81a46bac83adedfc03eb5149dff # v3 + with: + # only automerge patch & minor semver bumps + target: minor diff --git a/.github/workflows/dependabot-automerge.yml b/.github/workflows/dependabot-automerge.yml deleted file mode 100644 index 516c1be..0000000 --- a/.github/workflows/dependabot-automerge.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Dependabot - -on: - push: - branches: [ "main" ] - pull_request: - branches: [ "main" ] - -permissions: {} - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - dependabot-automerge: - name: Auto-merge Dependabot PRs - needs: tests # only on successful tests - runs-on: ubuntu-latest - - permissions: - pull-requests: write # needed so dependabot can approve - contents: write # needed so dependabot can merge - - steps: - - name: Auto-merge Dependabot PRs - uses: fastify/github-action-merge-dependabot@1b2ed42db8f9d81a46bac83adedfc03eb5149dff # v3 - with: - # only automerge patch & minor semver bumps - target: minor