Return to dependabot pipeline branches see notes in task #250
Description
Notes for Jira Dependabot task
- pulling master into all pull requests makes the dependabot which operates like a fork use the new pipelines
- using same tokens in dependabot secrets and putting the same values in allows dependabot to operate like other workflows without using dangerous pr_targer
- dependabot is not replicating bump values of packages we would do this if there is a fix
- dependabot and semver generally not working well together due to branch and commit names
- desired outcome
- automerge dependabot branches into Automatic_version_update_dependabot
- weekly auto merge Automatic_version_update_dependabot into Automatic_collected_dependabot_staging where it will get showcase, and package testing
- weekly merge Automatic_collected_dependabot_staging into master
- (if a bump i required that means theres been a code change)
- challenge
@dependabot recreateand@dependabot rebasedont seem to update workflow files being used for Checks- so each pr is requiring master to be pulled into it
- github cli
- look at this for auto merge
- Some branch overrides should be available for faster merging but not there
- Automatic branches may need to be excluded from other branch rules
- tidy reuseable checks qqqq
- tidy automerge-dependabot-prs-into-collected-branch.yml
- take automatic to master then do a normal feat release check semver works
Automerge seems available in pull requests i make not in ones dependabot makes and for that reason i think the script isnt making the auto merge flag happen ... is this another restriction caused by dependabot being technically a fork?