DuneBot is a GitHub App that automates approval and merging of pull requests using configurable rules. It works with Dependabot and Renovate, ensures CI checks pass, and supports flexible policies per repository. Designed for scale, it reduces manual effort and keeps dependencies up to date efficiently.

DuneBot – Automated Dependency Management at Scale

Managing dependency updates across many repositories is time-consuming and repetitive. DuneBot is a GitHub App that automates approval and merging of pull requests, helping teams stay secure and up to date with minimal effort.

What DuneBot Does

DuneBot listens to pull request events and applies configurable rules to decide whether a PR should be approved, rebased, or merged automatically. It integrates with Dependabot and Renovate while supporting custom workflows.

Testimonial

“Taming the Dependabot update deluge” — shows how automated dependency management can reduce PR noise and improve developer productivity at scale.
https://medium.com/flink-data/taming-the-dependabot-update-deluge-ad09fe805a5e

Configuration

DuneBot uses .github/dunebot.yaml with flexible rule modes:

• original – global config only
• merge – combine global + repo rules
• override (default) – repo-only config

Safe by Default

• Requires CI checks to pass
• Ensures target branch health
• Supports minimum PR age
• Custom validations (e.g. Terraform plans)

Use Cases

• Multi-language dependency updates
• GitHub Actions upgrades
• Infrastructure updates (Terraform, Helm)
• Generated code updates

DuneBot scales across large repository fleets, reducing manual effort and improving update velocity.

Open Source

Fully open source and adaptable to your workflows and governance needs.

Disclaimer

Provided as-is without guarantees. Runs on Hetzner Cloud and is not production SLA-grade.

DuneBot enables controlled, flexible, and scalable pull request automation.