Dependabot 生成的 Pull Request 与 codeowners 文件和分支保护规则的自动合并?

Automatic merging of Dependabot generated Pull Request with codeowners file and branch protection rule?

我已经按照此处所述为 GitHub 操作创建了工作流:https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions

    name: Dependabot auto-approve
    on: pull_request_target
    
    permissions:
      contents: write
      pull-requests: write
    
    jobs:
      dependabot:
        runs-on: ubuntu-latest
        if: ${{ github.actor == 'dependabot[bot]' }}
        steps:

          - name: Approve a PR
            run: gh pr review --approve "$PR_URL"
            env:
              PR_URL: ${{github.event.pull_request.html_url}}
              GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

          - name: Enable auto-merge for Dependabot PRs
            run: gh pr merge --auto --merge "$PR_URL"
            env:
              PR_URL: ${{github.event.pull_request.html_url}}
              # The documentation incorrectly forgets `GITHUB_TOKEN` here.
              GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

上述自动化工作正常,但我有一个分支保护规则需要代码所有者审核。

有没有办法将 github-actions 包含到 CODEOWNERS 文件中,以便计算其批准?

截至目前,无法将 GitHub 应用程序添加到引用的代码所有者中 here

Thank you for being here! Currently, GitHub Apps can’t be used in CODEOWNERS – that’s not supported. It’s something the team is considering for the future, and I’ll be sure to add your use case to the internal feature request.

但是,您可以使用自己生成的 GitHub 个人访问令牌,如 in the documentation here, then add it as a secret and use it in your workflow. See the GitHub Documentation 所述。

您操作的最后一步将引用您自定义的秘密。在下面的示例中,我假设它被称为 MYTOKEN

          - name: Enable auto-merge for Dependabot PRs
            run: gh pr merge --auto --merge "$PR_URL"
            env:
              PR_URL: ${{github.event.pull_request.html_url}}
              # The documentation incorrectly forgets `GITHUB_TOKEN` here.
              GITHUB_TOKEN: ${{secrets.MYTOKEN}}

使用这种方法,合并将作为您的用户完成,我假设他是 CODEOWNERS 的一部分。