Add GH job and script to auto approve dependabot PRs. #411
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
simongdavies
added
the
kind/enhancement
simongdavies
force-pushed
the
process-dependabot-prs
branch
from
2882dc9 to
1718142
Compare
dblnz
previously approved these changes
Apr 10, 2025
simongdavies
force-pushed
the
process-dependabot-prs
branch
from
1718142 to
85fd54b
Compare
|
@dblnz I addressed your comments and also updated the login in the script to address issues with pending checks. |
Signed-off-by: Simon Davies <[email protected]>
simongdavies
force-pushed
the
process-dependabot-prs
branch
from
85fd54b to
1017cf0
Compare
dblnz
approved these changes
Apr 11, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #299 suggested batching GH PRs to cut down the overhead of dealing with them, a large part of that overhead is caused by having to review/approve/merge each request alongside the impact of updates to main making it hard to merge other PRs (because of the way we need to merge due to other GH issues).
This PR attempts to solve these issues by automating the process of approval and merging of dependabot PRs, and doing it at a time when there should be less merging of "real" PRs taking place. It does the following:
Runs the dependabot job at 03:00 UTC.
Runs a new job at 04:00 UTC, this job runs a script which checks for any open PRs authored by dependabot, or each one it finds it checks the following:
That the PR only modifies Cargo.lock/Cargo.toml or GH actions workflows.
No status checks have failed.
That no one has added any commits manually.
If all these checks are true then it automatically approves the PR and requests dependabot to merge it