We use dependabot to manage our dependencies. We have automerge rules set up with dependabot to merge patch level changes and security fixes. I’ve also enabled protected branches and required the bors status check to be good before merging, therefore only allowing bors to merge.
The combination of these two things means that dependabot cannot automerge. I’d like to have dependabot automerge (preferably via bors) while stll allowing the protected branches so that devs are encouraged to bors r+ to merge and can’t do it via the github UI.
Has this been done before? Is there a good way to do this? I’ve considered writing some automation to auto respond to dependabot PRs that should automerge with bors r+, but that feels hacky.
Any ideas? Thanks!