Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Conditionally auto-approve dependabot PRs #1117

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Conversation

cadmiumcat
Copy link
Contributor

@cadmiumcat cadmiumcat commented Dec 31, 2024

What problem does this pull request solve?

We want to set up a flow to to auto-approve some dependabot PRs. PRs will only
be approved if:

  • they are not npm updates, and
  • the update is only a version patch

Trello card

Things to consider when reviewing

The workflow will approve PRs even if other checks haven't passed. We have a rule that checks have to pass in order to be able to merge, so we wouldn't be merging it anyway.
Ideally we'd also have this only approve when all checks have passed, but that's beyond my current mental capacity

  • Ensure that you consider the wider context.
  • Does it work when run on your machine?
  • Is it clear what the code is doing?
  • Do the commit messages explain why the changes were made?
  • Are there all the unit tests needed?
  • Has all relevant documentation been updated?

Local testing

I wanted to try this workflow locally using act but it keep getting an error at the step where we ask it to get the dependabot metadata.

[Dependabot auto-approve/dependabot]   💬  ::debug::Verifying the job is for an authentic Dependabot Pull Request
[Dependabot auto-approve/dependabot]   ❗  ::error::Api Error: (404) Not Found
[Dependabot auto-approve/dependabot]   ❌  Failure - Main dependabot/fetch-metadata@v2
[Dependabot auto-approve/dependabot] exitcode '1': failure
[Dependabot auto-approve/dependabot] 🏁  Job failed
<!-- If this section isn't relevant for your PR feel free to edit or remove it -->

@cadmiumcat cadmiumcat marked this pull request as ready for review December 31, 2024 13:38
@cadmiumcat cadmiumcat changed the title TMP: conditionally auto-approve dependabot PRs Prepare to conditionally auto-approve dependabot PRs Dec 31, 2024
@cadmiumcat cadmiumcat marked this pull request as draft December 31, 2024 14:31
@cadmiumcat cadmiumcat force-pushed the auto-merge-patches branch 2 times, most recently from 31a8097 to 52296b9 Compare December 31, 2024 14:58
@cadmiumcat cadmiumcat changed the title Prepare to conditionally auto-approve dependabot PRs Conditionally auto-approve dependabot PRs Dec 31, 2024
@cadmiumcat cadmiumcat marked this pull request as ready for review December 31, 2024 15:06
@cadmiumcat cadmiumcat marked this pull request as draft December 31, 2024 15:42
We want to set up a flow to to auto-approve some dependabot PRs. PRs will only
be approved if:
- they are not `npm` updates, and
- the update is only a version patch
Copy link

sonarqubecloud bot commented Jan 9, 2025

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant