dacrab · dacrab · May 17, 2026 · May 17, 2026
@@ -6,27 +6,39 @@ on:
   pull_request:
 
 concurrency:
-  group: >-
-    ${{ github.workflow }}-${{ github.event.pull_request.user.login == 'dependabot[bot]' && 'dependabot-queue' || github.ref }}
+  group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 permissions:
   contents: read
 
 jobs:
   ci:
-    uses: dacrab/.github-workflows/.github/workflows/bun-ci.yml@v1
-    with:
-      node-version: '22'
-      check-cmd: 'bun run ci'
-      test-cmd: ''
-      build-cmd: 'bun run build'
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        with:
+          persist-credentials: false
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
+        with:
+          node-version: '22'
+      - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2
+      - run: bun install --frozen-lockfile
+      - name: Check
+        run: bun run ci
+      - name: Build
+        run: bun run build
 
   auto-merge:
     needs: ci
+    if: github.event.pull_request.user.login == 'dependabot[bot]'
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
     permissions:
-      pull-requests: write
       contents: write
-    uses: dacrab/.github-workflows/.github/workflows/dependabot-auto-merge.yml@v1
-    with:
-      target: minor
+      pull-requests: write
+    steps:
+      - uses: fastify/github-action-merge-dependabot@59fc8817458fac20df8884576cfe69dbb77c9a07 # v3
+        with:
+          target: minor