In this document, we describe how to set up CI to merge pull requests from Renovate automatically under secure settings.
- Merge pull requests from Renovate automatically
- Support pull requests from fork repositories
Set up branch protections.
mainRequire a pull request before mergingRequire status checks to pass before mergingStatus checks that are required.:status-check
renovate/*Do not allow bypassing the above settingsAllow deletions
- Allow auto-merge
Create one GitHub App and install it to a repository.
aqua-update-checksum-public- Permissions
contents: write- Update
aqua-checksums.jsonand push a commit to a pull request - Enable automerge
- Update
pull-requests: write: Enable Automerge
- Permissions
Create Repository Secrets.
APP_ID: GitHub App IDAPP_PRIVATE_KEY: GitHub App Private Key
- .github/workflows/*.yaml
- aqua
- aqua.yaml
- aqua/*.yaml
- aqua-checksums.json: This is autogenerated.
- renovate.json5