Skip to content

Add dependency checker comment #2093

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jonathanKingston wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Add dependency checker comment #2093

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
0cc7393
Add dependency checker comment
jonathanKingston Dec 8, 2025
48373c0
Add comment when dependabot gets stale to recreate
jonathanKingston Dec 8, 2025
190a713
Merge remote-tracking branch 'origin/main' into jkt/dependency-checke…
jonathanKingston Dec 8, 2025
a4ea6ac
Add opened check to prevent multiple comments
jonathanKingston Dec 8, 2025
4ed6465
Lint fix
jonathanKingston Dec 8, 2025
60b7728
Add a comment about coverage
jonathanKingston Dec 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions .github/workflows/dependabot-auto-merge.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,3 +30,16 @@ jobs:
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Request Cursor review
if: github.event.action == 'opened'
run: |
gh pr comment "$PR_URL" --body "@cursoragent can you review against the current code and outline potential impacts based on the changelogs of the update?

Can you check the test coverage and ensure that the new code is covered?
Can you think through if this dependency is still needed or if there's better practices used elsewhere.

Can you draft a separate PR with any fixes that might be needed?"
env:
PR_URL: ${{ github.event.pull_request.html_url }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
43 changes: 43 additions & 0 deletions .github/workflows/dependabot-conflict-detector.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
name: Dependabot conflict detector

on:
push:
branches: [main]

permissions:
pull-requests: write

jobs:
check-conflicts:
runs-on: ubuntu-latest
steps:
- name: Check Dependabot PRs for conflicts
uses: actions/github-script@v7
with:
script: |
const { data: pulls } = await github.rest.pulls.list({
owner: context.repo.owner,
repo: context.repo.repo,
state: 'open',
});
const dependabotPRs = pulls.filter(pr => pr.user.login === 'dependabot[bot]');
for (const pr of dependabotPRs) {
// Fetch full PR to get accurate mergeable status
const { data: fullPR } = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: pr.number,
});
if (fullPR.mergeable === false) {
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: pr.number,
body: '@dependabot recreate',
});
Copy link

@cursor cursor bot Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Duplicate recreate comments on every push to main

The workflow runs on every push to main and creates a @dependabot recreate comment whenever a PR has conflicts, but it doesn't check if a recreate comment was already posted. This means multiple duplicate comments will be added to the same PR on subsequent pushes to main while the PR remains in a conflicted state, potentially triggering dependabot to recreate the PR multiple times unnecessarily.

Fix in Cursor Fix in Web

Copy link
Contributor Author

@jonathanKingston jonathanKingston Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only if fullPR.mergeable === false so might trigger a few times on merge queues but I think it's low risk and not the end of the world.

console.log(`Requested recreate for PR #${pr.number}`);
}
}