Using GitHub merge queue to ease the Dependabot churn
Good morning, project!
$ gh pr list #1626 chore(deps-dev): bump black from 23.1.0 t... dependabot/pip/black-23.3.0 about 7 hours ago #1625 chore(deps-dev): bump types-requests from... dependabot/pip/types-requests-126.96.36.199 about 7 hours ago #1624 chore(deps-dev): bump mkdocs-include-mark... dependabot/pip/mkdocs-include-markdown-p... about 7 hours ago #1623 chore(deps-dev): bump types-redis from 4.... dependabot/pip/types-redis-188.8.131.52 about 7 hours ago #1622 chore(deps-dev): bump pre-commit from 3.1... dependabot/pip/pre-commit-3.2.1 about 7 hours ago #1621 chore(deps-dev): bump types-deprecated fr... dependabot/pip/types-deprecated-184.108.40.206 about 7 hours ago #1620 chore(deps-dev): bump types-python-dateut... dependabot/pip/types-python-dateutil-2.8... about 7 hours ago #1619 chore(deps-dev): bump types-redis from 4.... dependabot/pip/types-redis-220.127.116.11 about 7 hours ago #1618 chore(deps-dev): bump moto from 4.1.4 to ... dependabot/pip/moto-4.1.6 about 7 hours ago
-Spits out coffee-
Automating dependabot PR merging
Don't try this at home, kids
You should always read through the changelog of Dependabot PRs and have at least a basic understanding of what changes you introduce to your projects, your colleagues/co-authors and yourself, before merging.
But once you've done that, maybe let's see if we can ease the pain a bit here...
I'm fortunate to work at a company who owns a GitHub organization, and right now merge queues is in beta for GitHub organizations. By enabling this (in the repo settings1) I can queue up all these dependabot PRs for merging in one go.
Let's write a little script!
You'll need to install and authenticate the GitHub CLI to make the
gh command accessible, which is invoked by this script.
The script will take arguments and forward to
gh. This can be useful to filter out certain PRs you want to merge.
# Merge open PRs that successfully passed CI (both unapproved and approved) ./dependabot-merge.sh --search "is:open draft:false status:pending status:success" # Merge open PRs that successfully passed CI and are categorized as developer dependencies ./dependabot-merge.sh --search "is:open draft:false status:pending status:success chore(deps-dev) in:title"
gh pr list --help for more examples and help on
--search, and see the official docs here on
To be able to search for
chore(deps-dev), you might have to add something like this to your dependabot settings:
By the way, you can set up merge queues to employ a "rebase and merge" method . ↩