Skip to content

chore: Updated Dependabot config to group PRs and added workflow for scheduled auto-merge #549

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 27, 2025
Merged

chore: Updated Dependabot config to group PRs and added workflow for scheduled auto-merge #549

merged 1 commit into from
May 27, 2025

Conversation

@Rafi-Microsoft
Copy link
Contributor

@Rafi-Microsoft Rafi-Microsoft commented May 23, 2025

Purpose

  • Introduced a scheduled GitHub Actions workflow to auto-approve and auto-merge Dependabot PRs targeting the dependabotchanges branch.
  • Also optimized the dependabot.yml configuration to group dependency updates by ecosystem and path, significantly reducing PR noise.
  • Enhanced rebase logic to handle merge conflicts using --strategy-option=theirs.
  • Implemented multi-strategy auto-merge (merge, squash, rebase) with fallback handling.
  • Improved overall script reliability and compatibility with repo-level merge restrictions.

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • ...

Other Information

Copilot AI review requested due to automatic review settings May 23, 2025 07:48
Copilot AI reviewed May 23, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a scheduled GitHub Actions workflow to auto-approve, rebase, and merge Dependabot PRs on the dependabotchanges branch, and refines the Dependabot configuration to group updates and limit open PRs.

  • Introduces scheduled-Dependabot-PRs-Auto-Merge.yml for nightly and manual Dependabot PR processing with conflict rebasing and multi-strategy merge
  • Updates .github/dependabot.yml to group dependency updates by ecosystem/path and set open-pull-requests-limit to 10

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
.github/workflows/scheduled-Dependabot-PRs-Auto-Merge.yml Adds workflow to fetch, rebase, and auto-merge Dependabot PRs on a schedule
.github/dependabot.yml Optimizes grouping and limits for Dependabot updates across multiple paths
Comments suppressed due to low confidence (1)

.github/dependabot.yml:28

  • [nitpick] The group name 'backend-deps' is reused in multiple blocks; consider using unique, more descriptive names per directory to avoid confusion.
backend-deps:

.github/dependabot.yml
- "*"

# 2. Python dependencies
# 2. Python dependencies – App
Copy link

Copilot AI May 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace the unexpected '�' character in the comment with a standard hyphen or dash for clarity.

Suggested change
# 2. Python dependencies App
# 2. Python dependencies - App

Copilot uses AI. Check for mistakes.
.github/dependabot.yml
patterns:
- "*"

# 3. Python dependencies – Azure Function
Copy link

Copilot AI May 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace the unexpected '�' character in this comment with a standard hyphen or dash for consistency.

Suggested change
# 3. Python dependencies Azure Function
# 3. Python dependencies - Azure Function

Copilot uses AI. Check for mistakes.
.github/workflows/scheduled-Dependabot-PRs-Auto-Merge.yml
contents: write
pull-requests: write

jobs:
Copy link

Copilot AI May 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] This workflow contains extensive shell logic; consider extracting repeated steps into a composite action to improve readability and maintainability.

Copilot uses AI. Check for mistakes.
@Rafi-Microsoft Rafi-Microsoft merged commit 060d3cc into main May 27, 2025
8 checks passed
@github-actions
Copy link

github-actions bot commented Jun 6, 2025

🎉 This PR is included in version 1.2.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@Rafi-Microsoft Rafi-Microsoft deleted the PSL-DependabotAutoMergeWorkflow branch July 15, 2025 11:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Prajwal-Microsoft Prajwal-Microsoft Prajwal-Microsoft approved these changes

@Avijit-Microsoft Avijit-Microsoft Awaiting requested review from Avijit-Microsoft Avijit-Microsoft is a code owner

@Roopan-Microsoft Roopan-Microsoft Awaiting requested review from Roopan-Microsoft Roopan-Microsoft is a code owner

@Vinay-Microsoft Vinay-Microsoft Awaiting requested review from Vinay-Microsoft Vinay-Microsoft is a code owner

@aniaroramsft aniaroramsft Awaiting requested review from aniaroramsft aniaroramsft is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Rafi-Microsoft @Prajwal-Microsoft