Commit ef95a76

Merge pull request #435 from microsoft/v-rafmd/dependabotPOC
chore: add scheduled auto-merge workflow and group Dependabot PRs by ecosystem
2 parents 5c517ef + c819188 commit ef95a76

2 files changed

+145
-16
lines changed


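--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,30 +4,49 @@
 # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
 
 version: 2
+
 updates:
-- package-ecosystem: "npm" # for frontend dependencies
-directory: "/src/frontend"
+# 1) All frontend (npm) deps in ONE PR
+- package-ecosystem: "npm"
+directory: "/src/frontend"
 schedule:
-interval: "monthly"
-commit-message:
-prefix: "build"
+interval: "monthly"
 target-branch: "dependabotchanges"
-open-pull-requests-limit: 100
-
-- package-ecosystem: "pip" # for backend dependencies
-directory: "/src"
+open-pull-requests-limit: 10
+commit-message:
+prefix: "build(deps)"
+
+groups:
+all-frontend-deps:
+patterns:
+- "*"
+
+
+# 2) All backend (pip) deps in ONE PR
+- package-ecosystem: "pip"
+directory: "/src"
 schedule:
 interval: "monthly"
-commit-message:
-prefix: "build"
 target-branch: "dependabotchanges"
-open-pull-requests-limit: 100
-
+open-pull-requests-limit: 10
+commit-message:
+prefix: "build(deps)"
+groups:
+all-backend-deps:
+patterns:
+- "*"
+
+# 3) All GitHub Actions in ONE PR
 - package-ecosystem: "github-actions"
 directory: "/"
 schedule:
 interval: "monthly"
-commit-message:
-prefix: "build"
 target-branch: "dependabotchanges"
-open-pull-requests-limit: 100
+open-pull-requests-limit: 10
+commit-message:
+prefix: "build(deps)"
+groups:
+all-actions:
+patterns:
+- "*"
+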
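Review bot: Each of the three `groups` entries matches `"*"` with no `update-types`, so major-version bumps for npm, pip and github-actions are bundled into the same PR as patch and minor updates. Because this commit also adds a workflow that approves and enables merge on Dependabot PRs targeting `dependabotchanges`, a breaking or compromised major release could land alongside routine updates without anyone reading the diff. Consider adding `update-types: ["minor", "patch"]` under each group so that majors open as separate PRs. Those separate PRs would still match the auto-merge filter unless it is narrowed, so the two changes should be made together.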
Lines changed: 110 additions & 0 deletions
@@ -0,0 +1,110 @@
1+
name: Scheduled Dependabot PRs Auto-Merge
2+
3+
on:
4+
schedule:
5+
- cron: '0 0 * * *' # Runs once a day at midnight UTC
6+
workflow_dispatch:
7+
8+
permissions:
9+
contents: write
10+
pull-requests: write
11+
12+
jobs:
13+
merge-dependabot:
14+
runs-on: ubuntu-latest
15+
steps:
16+
- name: Checkout repository
17+
uses: actions/checkout@v4
18+
19+
- name: Install GitHub CLI
20+
run: |
21+
sudo apt update
22+
sudo apt install -y gh
23+
24+
- name: Fetch & Filter Dependabot PRs
25+
env:
26+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
27+
run: |
28+
echo "🔍 Fetching all Dependabot PRs targeting 'dependabotchanges'..."
29+
> matched_prs.txt
30+
pr_batch=$(gh pr list --state open --json number,title,author,baseRefName,url \
31+
--jq '.[] | "\(.number)|\(.title)|\(.author.login)|\(.baseRefName)|\(.url)"')
32+
while IFS='|' read -r number title author base url; do
33+
author=$(echo "$author" | xargs)
34+
base=$(echo "$base" | xargs)
35+
if [[ "$author" == "app/dependabot" && "$base" == "dependabotchanges" ]]; then
36+
echo "$url" >> matched_prs.txt
37+
echo "✅ Matched PR #$number - $title"
38+
else
39+
echo "❌ Skipped PR #$number - $title (Author: $author, Base: $base)"
40+
fi
41+
done <<< "$pr_batch"
42+
echo "👉 Matched PRs:"
43+
cat matched_prs.txt || echo "None"
44+
45+
- name: Rebase PR if Conflicts Exist
46+
if: success()
47+
env:
48+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
49+
run: |
50+
if [[ ! -s matched_prs.txt ]]; then
51+
echo "⚠️ No matching PRs to process."
52+
exit 0
53+
fi
54+
while IFS= read -r pr_url; do
55+
pr_number=$(basename "$pr_url")
56+
echo "🔁 Rebasing PR #$pr_number if conflicts exist"
57+
mergeable=$(gh pr view "$pr_number" --json mergeable --jq '.mergeable')
58+
if [[ "$mergeable" == "CONFLICTING" ]]; then
59+
echo "❌ Merge conflicts detected. Rebasing PR #$pr_number"
60+
gh pr rebase "$pr_url" || echo "❗ Rebase failed."
61+
fi
62+
done < matched_prs.txt
63+
64+
- name: Approve and Auto-Merge if Mergeable
65+
if: success()
66+
env:
67+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
68+
run: |
69+
if [[ ! -s matched_prs.txt ]]; then
70+
echo "⚠️ No matching PRs to process."
71+
exit 0
72+
fi
73+
while IFS= read -r pr_url; do
74+
echo "🔍 Checking mergeability for $pr_url"
75+
pr_number=$(basename "$pr_url")
76+
attempt=0
77+
max_attempts=8
78+
mergeable=""
79+
sleep 5 # Initial delay to allow GitHub to compute mergeability
80+
while [[ $attempt -lt $max_attempts ]]; do
81+
mergeable=$(gh pr view "$pr_number" --json mergeable --jq '.mergeable' 2>/dev/null || echo "UNKNOWN")
82+
echo "🔁 Attempt $((attempt+1))/$max_attempts: mergeable=$mergeable"
83+
if [[ "$mergeable" == "MERGEABLE" ]]; then
84+
echo "✅ PR is mergeable. Approving..."
85+
gh pr review --approve "$pr_url" || echo "❗ Approval failed."
86+
echo "🚀 Enabling auto-merge..."
87+
set -x
88+
merge_output=$(gh pr merge --auto --merge "$pr_url" 2>&1)
89+
merge_status=$?
90+
set +x
91+
echo "$merge_output"
92+
if [[ $merge_status -ne 0 ]]; then
93+
echo "❗ Auto-merge failed. Output: $merge_output"
94+
else
95+
echo "✅ Auto-merge succeeded!"
96+
fi
97+
break
98+
elif [[ "$mergeable" == "CONFLICTING" ]]; then
99+
echo "❌ Cannot merge due to conflicts. Skipping."
100+
break
101+
else
102+
echo "🕒 Waiting for GitHub to determine mergeable status..."
103+
sleep 15
104+
fi
105+
((attempt++))
106+
done
107+
if [[ "$mergeable" != "MERGEABLE" && "$mergeable" != "CONFLICTING" ]]; then
108+
echo "❌ Mergeability undetermined after $max_attempts attempts. Skipping PR #$pr_number"
109+
fi
110+
done < matched_prs.txt || echo "⚠️ Completed loop with some errors, but continuing gracefully."
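Review bot: The approve-and-merge step gates only on `mergeable == "MERGEABLE"`, which reports the absence of merge conflicts rather than any CI result, and then approves with the workflow's own `GITHUB_TOKEN` under `contents: write` / `pull-requests: write`. Whether `gh pr merge --auto` waits for checks depends on the branch protection configured for `dependabotchanges`, which this commit does not show, so the script should test check status itself before approving, e.g. `gh pr checks "$pr_url" || { echo "checks not green; skipping"; break; }`. The filter step also decides author and base by splitting a `|`-joined line that includes the PR title, which is free text and may itself contain `|`; letting the API do the filtering avoids parsing it: `gh pr list --state open --author "app/dependabot" --base dependabotchanges --json url --jq '.[].url' > matched_prs.txt`. `actions/checkout@v4` is referenced by a mutable tag in a job that holds a write token; pinning it to a full commit SHA would be the safer form.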
