| name | merge-dependabot |
|---|---|
| description | Merge open Dependabot PRs one at a time, rebasing on main between each, after verifying safety |
Merge all open Dependabot PRs sequentially, verifying each one before merging.
Run this entire workflow in a background agent with worktree isolation so it does not affect the current working directory or branch.
For each open Dependabot PR (oldest first):
-
List PRs —
gh pr list --author "app/dependabot" --state open --json number,title,headRefName -
Verify safety — before merging each PR:
- Run
gh pr checks <number>to confirm CI is passing - Review the diff (
gh pr diff <number>) for anything unexpected beyond a version bump - If checks are failing or the diff looks suspicious, skip the PR and report why
- Run
-
Rebase and squash merge — for each PR that passes verification:
- Fetch the branch:
git fetch origin <branch> - Check out and rebase onto origin/main:
git checkout <branch> && git rebase origin/main - Force push the rebased branch:
git push --force-with-lease - Squash merge:
gh pr merge <number> --squash --delete-branch - Update main:
git checkout main && git pull origin main
- Fetch the branch:
-
Report — after processing all PRs, summarize which were merged, skipped, or failed, and why.
- Process PRs one at a time so each rebase includes the previous merge.
- Always rebase onto origin/main, then squash merge.
- Always return to main between PRs.