Merge pull request #56 from NHSDigital/dependabot/apm-360-let-dependa…

…bot-merge APM-360 Add dependabot-config
NHSDigital · Feb 26, 2020 · 8ad6435 · 8ad6435
2 parents 926d013 + f7713a6
commit 8ad6435
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 5 deletions.
diff --git a/.dependabot/config.yml b/.dependabot/config.yml
@@ -0,0 +1,32 @@
+version: 1
+update_configs:
+  - package_manager: "javascript"
+    directory: "/"
+    update_schedule: "live"
+    allowed_updates:
+      - match:
+          update_type: "security"
+    automerged_updates:
+      - match:
+          dependency_type: "all"
+          update_type: "security:patch"
+  - package_manager: "javascript"
+    directory: "/sandbox"
+    update_schedule: "live"
+    allowed_updates:
+      - match:
+          update_type: "security"
+    automerged_updates:
+      - match:
+          dependency_type: "all"
+          update_type: "security:patch"
+  - package_manager: "python"
+    directory: "/"
+    update_schedule: "live"
+    allowed_updates:
+      - match:
+          update_type: "security"
+    automerged_updates:
+      - match:
+          dependency_type: "all"
+          update_type: "security:patch"
diff --git a/.github/workflows/pr-lint.yaml b/.github/workflows/pr-lint.yaml
@@ -20,8 +20,3 @@ jobs:
           msg: |
             This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:
             # [${{ env.TICKET_NAME }}](https://jira.digital.nhs.uk/browse/${{ env.TICKET_NAME}})
-
-      - name: Merge dependabot PRs
-        uses: ridedott/merge-me-action@master
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## 2020-02-26
+* Add a config for dependabot so that security updates are automatically merged
+
 ## 2020-02-24
 * Hugely improved linting of source code
 * New testing setup & approach to support e2e tests