Giters

dependabot / feedback

The old feedback repository for Dependabot. Click below for the new repository.

Home Page:https://github.com/dependabot/dependabot-core

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Automerge to a non default branch, creating the branch if it does not exist

jasononeil opened this issue · comments

commented

We have a company policy where all code merged to a default branch must pass CI and be reviewed by one of our engineers.

The problem

The difficulty with targeting a default branch:

  1. We can't use automerge due to a policy.
  2. I merge the first dependabot PR.
  3. All other dependabot PRs start rebasing, and I wait for the builds to complete - introducing a ~5 minute delay for each PR I want to merge. (Or longer on monolith repos!)
  4. I merge the next PR. Go to 2.

When there are 20+ PRs, this is quite time consuming.

The desired solution

Similar to #207, we want to target a branch called "npm-refresh", and automerge into that branch, and then have a human merge that branch into master.

The feature request

The above work flow works, if the target branch already exists. If it does not, it opens an issue on the repo:

Dependabot couldn't find the branch npm-refresh

My request is that rather than create an issue, if the target branch doesn't exist, dependabot create a new branch (branching off of the default branch) and use this as the target branch.

If you're open to this feature I'd be interested in contributing to dependabot-core.

commented

I also just saw this issue, but am not sure that it's related: https://github.com/dependabot/feedback/issues/782

(It sounds like they have a bug where the branch does exist, but is not being found)

commented

@jasononeil ah yeah this is a bit of a pain at the moment. I think the best you can do currently is implement something like this using Actions.

Supporting different source and target branches would be quite a complex undertaking for dependabot (to avoid wasted work) as it uses the source branch information to figure out when to open pull requests. If we scanned your manifest for updates on master and then you merged the update to npm-refresh dependabot would attempt to do the update again and throw it away when it spotted the branch was already merged.

commented

That is good to know, thanks @feelepxyz - it helps to understand the complexity such a feature would introduce.

We'll look into a Github workflow to:

  • Recreate an npm-refresh branch based on master whenever the previous branch is merged
  • Perhaps merge in master periodically (daily?) to keep the branch fresh if it takes us a few days to merge it.

Thank you, I'll close this for now.