Skip to content

Auto-merge every Dependabot tier (drop semver-major skip) #799

Description

@ptr727

Summary

The merge-bot still skips semver-major Dependabot bumps (holding them for human review) via the version-update:semver-major guard on the merge step. Per a maintainer decision, Dependabot should auto-merge every tier including semver-major — the required CI checks are the gate, not the version magnitude.

Current (drifted) behavior

.github/workflows/merge-bot-pull-request.yml merge-dependabot job carries:

# Skip semver-major NuGet bumps so they land via human review; ...
if: ... (steps.metadata.outputs.update-type != 'version-update:semver-major')

Desired behavior (already implemented in Utilities and LanguageTags)

Every tier auto-merges, semver-major included: the required checks are the gate, not the version bump.

Requested change

  • Remove the version-update:semver-major condition from the Dependabot merge step.
  • Remove the now-unused Get dependabot metadata step (it exists only to feed that guard) if nothing else consumes it.
  • Update the repo's workflow contract docs (WORKFLOW.md D8.2 / diagram / trace, AGENTS.md invariant) accordingly.

Reference implementation: ptr727/homeassistant-purpleair (merge-bot + WORKFLOW.md/AGENTS.md updated to the every-tier policy). Root cause is template drift — see the companion issue in ptr727/ProjectTemplate.

Please also verify no already-open major Dependabot PRs are stuck (auto-merge only fires on opened/reopened, so existing ones may need a reopen after the fix lands).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions