A Python tool to manage security and dependency updates across multiple repositories by automatically merging Dependabot PRs or requesting updates when conflicts occur.
Automate the merging of Dependabot pull requests across all your GitHub repositories. This Python script fetches all your repositories, detects open Dependabot PRs, merges them automatically if possible, or requests a rebase using @dependabot recreate if conflicts are detected.
- Fetch all repositories for a user or organization
- Detect open Dependabot PRs
- Automatically merge mergeable PRs using your preferred merge method (squash, merge, or rebase)
- Comment on PRs with conflicts to request a rebase (@dependabot recreate)
- Caches repository list for faster subsequent runs
- Configurable delays to avoid GitHub API rate limits
- Logs actions for full transparency
- Clone the repository:
    git clone https://github.com/BaseMax/dependabot-merge-automator.git
    cd dependabot-merge-automator
- Install dependencies:
    pip3 install -r requirements.txt
- Create a .env file in the project root:
    GITHUB_TOKEN=your_personal_access_token_here

Make sure your token has at least the following permissions:
- repo (for private repositories)
- public_repo (for public repositories)
- read:org (if accessing organization repositories)

Run the script:
    python3 merger.py

The script will:
- Fetch all repositories for your GitHub user
- Check for open Dependabot PRs
- Merge PRs automatically if possible
- Comment on PRs with conflicts requesting @dependabot recreate

- MERGE_METHOD: Choose merge, squash, or rebase
- REQUEST_DELAY: Seconds to sleep between API requests (default: 2)
- REPO_DELAY: Seconds to sleep between processing repositories (default: 3)
- CACHE_FILE: File to cache repository list (default: repos_cache.json)

You can edit these directly in merger.py or enhance the script to read from environment variables.
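
The merge-or-recreate decision from the steps above, written as an added example that is not taken from merger.py. It assumes each PR is the JSON object returned by GitHub's REST "get a pull request" endpoint (the list endpoint omits the mergeable field); the function names and sample PRs are constructed here.

```python
# Added example: not taken from merger.py. Field names follow GitHub's REST
# "get a pull request" response; the sample PRs below are constructed.
DEPENDABOT_LOGIN = "dependabot[bot]"
ALLOWED_METHODS = {"merge", "squash", "rebase"}


def is_dependabot_pr(pr):
    """Trust the author account, not the PR title or branch name."""
    user = pr.get("user") or {}
    return user.get("login") == DEPENDABOT_LOGIN and user.get("type") == "Bot"


def decide(pr, merge_method="squash"):
    """Return (action, payload); action is skip, wait, merge or comment."""
    if merge_method not in ALLOWED_METHODS:
        raise ValueError(f"unsupported MERGE_METHOD: {merge_method!r}")
    if pr.get("state") != "open" or not is_dependabot_pr(pr):
        return ("skip", None)
    mergeable = pr.get("mergeable")
    if mergeable is None:
        # GitHub has not finished computing mergeability; re-fetch later
        # instead of treating the PR as conflicted.
        return ("wait", None)
    if mergeable:
        # Body for PUT /repos/{owner}/{repo}/pulls/{number}/merge
        return ("merge", {"merge_method": merge_method})
    # Body for POST /repos/{owner}/{repo}/issues/{number}/comments
    return ("comment", {"body": "@dependabot recreate"})


def _pr(login, user_type, mergeable, state="open"):
    """Build a minimal constructed PR object for the samples below."""
    return {"state": state, "mergeable": mergeable,
            "user": {"login": login, "type": user_type}}


SAMPLE_PRS = {  # constructed inputs
    "clean": _pr("dependabot[bot]", "Bot", True),
    "conflict": _pr("dependabot[bot]", "Bot", False),
    "pending": _pr("dependabot[bot]", "Bot", None),
    "other_author": _pr("octocat", "User", True),
}

if __name__ == "__main__":
    for name, pr in SAMPLE_PRS.items():
        print(name, decide(pr))
```
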
MIT License
Seyyed Ali Mohammadiyeh (Max Base)