Skip to content

Auto-merge every Dependabot tier, drop semver-major skip (#799)#800

Merged
ptr727 merged 1 commit into
developfrom
fix/dependabot-auto-merge-every-tier
Jul 3, 2026
Merged

Auto-merge every Dependabot tier, drop semver-major skip (#799)#800
ptr727 merged 1 commit into
developfrom
fix/dependabot-auto-merge-every-tier

Conversation

@ptr727

@ptr727 ptr727 commented Jul 3, 2026

Copy link
Copy Markdown
Owner

Closes #799.

Summary

The merge-bot held semver-major NuGet bumps for human review via a version-update:semver-major guard fed by dependabot/fetch-metadata. Per the every-tier policy already implemented in Utilities and LanguageTags, the required CI checks are the gate, not the version magnitude.

Changes

  • .github/workflows/merge-bot-pull-request.yml — remove the Get dependabot metadata step and the version-update:semver-major guard on the merge step. Every in-repo Dependabot PR now auto-merges on open once the required checks pass (--auto still blocks a breaking bump until checks go green). Now matches the Utilities reference.
  • WORKFLOW.md — self-sufficiency prose, merge-bot mermaid diagram (dropped the semver-major NuGet? gate node), automation prose, D8.2, D8/D9 summary, and the S12 trace row.
  • AGENTS.md — Dependabot auto-merge invariant.
  • .github/copilot-instructions.md — no change; it never carried the merge policy.

Note

Auto-merge only fires on opened/reopened, so any already-open major Dependabot PRs need a reopen to pick this up.

🤖 Generated with Claude Code

The merge-bot held semver-major NuGet bumps for human review via a
version-update:semver-major guard fed by dependabot/fetch-metadata. Per the
every-tier policy already in Utilities and LanguageTags, the required CI checks
are the gate, not the version magnitude.

- Remove the metadata step and the semver-major guard from the merge step so
  every in-repo Dependabot PR auto-merges on open once checks pass.
- Update the workflow contract to match: WORKFLOW.md self-sufficiency prose,
  merge-bot diagram, automation prose, D8.2, D8/D9 summary, S12 trace row, and
  the AGENTS.md Dependabot invariant.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings July 3, 2026 14:36

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Aligns the repository’s Dependabot auto-merge policy and its documented workflow contract: semver-major bumps are no longer held for human review, and auto-merge is gated solely by the required CI checks.

Changes:

  • Removes the Dependabot metadata fetch step and the semver-major NuGet guard from the merge-bot workflow, allowing auto-merge for all Dependabot PR tiers.
  • Updates WORKFLOW.md’s automation prose, mermaid diagram, behavioral contract (D8.2), and trace scenario (S12) to match the new policy.
  • Updates AGENTS.md to reflect the “every tier auto-merges” invariant.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
.github/workflows/merge-bot-pull-request.yml Drops metadata-based semver-major gating so all Dependabot PRs can enable auto-merge on open/reopen.
WORKFLOW.md Updates the workflow contract documentation (prose/diagram/contract/trace) to state that CI required checks are the sole gate.
AGENTS.md Updates the Dependabot policy invariant to remove the semver-major exception.

@ptr727 ptr727 merged commit f6a8566 into develop Jul 3, 2026
13 checks passed
@ptr727 ptr727 deleted the fix/dependabot-auto-merge-every-tier branch July 3, 2026 14:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants