Dependabot auto merge does not respect permissions.
rbowensv-contrast opened this issue · comments
My team is trying to set up dependabot auto merge. We have auto approve working using the github token and granted PR write permissions but the same does not work for auto merge. Is there a way to get auto merge working without a PAT? Setting up a PAT for each repo in our Org isn't feasible.
This question isn't really about fetch-metadata
, but rather the overall Dependabot tokens, and the current behavior is already explained in detail here:
Is there a way to get auto merge working without a PAT?
For now, you need a PAT.
Setting up a PAT for each repo in our Org isn't feasible.
Yeah, that's painful. I don't think there's currently a way to set an org-level PAT, but I'm not fully sure TBH. I suggest open a discussion in https://github.com/orgs/community/discussions/categories/code-security