Skip to content

maxonfjvipon/deps-sentinel-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Repository files navigation

Auto-Merge Dependency Bot Pull Requests

make License

This is a GitHub Action that scans open pull requests in the repository, finds those opened by dependency bots — by default Renovate and Dependabot, but any bot login is configurable via bot-logins — and merges them automatically when CI is green. If the build is red, it posts a comment tagging the repository owner — but only once per pull request, to avoid spam. Use it like this:

name: renovate-merge
'on':
  schedule:
    - cron: '0 * * * *'
jobs:
  merge:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: maxonfjvipon/deps-sentinel-action@0.0.3
        with:
          token: ${{ secrets.RENOVATE_MERGE_TOKEN }}
          owner: octocat

The owner is the GitHub handle that gets @mentioned in a comment posted by github-actions[bot] when CI is failing. The token must be a Personal Access Token of the repository owner — it is used to post the @rultor merge command as the owner when Rultor is in use, and to merge the pull request directly otherwise.

If the repository has a .rultor.yml file, the merge is initiated by posting a @rultor merge comment as the repository owner. Otherwise, the pull request is merged directly via the GitHub API.

When a bot pull request has workflow runs awaiting manual approval — as happens when GitHub gates runs triggered by the default GITHUB_TOKEN — the action approves those runs, scoped to the pull request's head commit, so that CI can start. The token actor differs from the bot that triggered the runs, so it is permitted to approve them.

A more fine-grained configuration is also possible:

- uses: maxonfjvipon/deps-sentinel-action@0.0.3
  with:
    token: ${{ secrets.RENOVATE_MERGE_TOKEN }}
    owner: octocat
    bot-logins: |
      renovate[bot]
      dependabot[bot]
      snyk-bot
    merge-method: merge
    rultor: auto
    required-checks: build,test
    dry-run: false
Input Default Description
token PAT of the repo owner (required)
owner GitHub handle to @mention on CI failure (required)
bot-logins renovate[bot], dependabot[bot] Newline-separated list of dependency bot logins to watch
merge-method merge Merge method when not using Rultor
rultor auto auto detects .rultor.yml, true forces it, false disables it
required-checks (all) Comma-separated checks that must pass; empty means all
dry-run false Log actions without posting comments or merging

How to Contribute

Fork repository, make changes, then send us a pull request. We will review your changes and apply them to the master branch shortly, provided they don't violate our quality standards. To avoid frustration, before sending us your pull request please make sure all your tests pass:

make

You will need GNU make and bats-core installed.

License

Copyright (c) 2026 Max Trunnikov. MIT License.

About

No description, website, or topics provided.

Resources

Stars

4 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors