From 90b2c57951d8423e41859c5c228151ad087ce0d1 Mon Sep 17 00:00:00 2001
From: Martin Nordholts <martin.nordholts@codetale.se>
Date: Thu, 17 Jul 2025 06:56:16 +0200
Subject: [PATCH] Stop auto-merge dependabot PRs

Our CI runs a fair amount of unaudited third party code. I'd like to
stop using my Personal Access Token until we have had time to security
harden our CI.
---
 .../workflows/Auto-merge-dependabot-PRs.yml   | 23 -------------------
 1 file changed, 23 deletions(-)
 delete mode 100644 .github/workflows/Auto-merge-dependabot-PRs.yml

diff --git a/.github/workflows/Auto-merge-dependabot-PRs.yml b/.github/workflows/Auto-merge-dependabot-PRs.yml
deleted file mode 100644
index 741eb684..00000000
--- a/.github/workflows/Auto-merge-dependabot-PRs.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-# This workflow triggers auto-merge of any PR that dependabot creates so that
-# PRs will be merged automatically without maintainer intervention if CI passes
-name: Auto-merge dependabot PRs
-
-on:
-  pull_request_target:
-    types: [opened]
-
-jobs:
-  auto-merge:
-    if: github.repository == 'sharkdp/bat' && startsWith(github.head_ref, 'dependabot/')
-    runs-on: ubuntu-latest
-    environment:
-      name: auto-merge
-      url: https://github.com/sharkdp/bat/blob/main/.github/workflows/Auto-merge-dependabot-PRs.yml
-    env:
-      GITHUB_TOKEN: ${{ secrets.AUTO_MERGE_GITHUB_TOKEN }}
-    steps:
-      - uses: actions/checkout@v4
-      - run: |
-          gh pr review ${{ github.event.pull_request.number }} --comment --body "If CI passes, this dependabot PR will be [auto-merged](https://github.com/sharkdp/bat/blob/main/.github/workflows/Auto-merge-dependabot-PRs.yml) 🚀"
-      - run: |
-          gh pr merge --auto --squash ${{ github.event.pull_request.number }}