Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Be able to configure PR description suffix #2091

Open
addison-grant opened this issue Nov 5, 2019 · 8 comments
Open

Be able to configure PR description suffix #2091

addison-grant opened this issue Nov 5, 2019 · 8 comments
Labels
F: configuration-file F: pull-requests Issues about Dependabot pull requests T: feature-request Requests for new features

Comments

@addison-grant
Copy link

In our organization, we parse text in pull descriptions and comments for keywords that are used in our review process. It would be nice if we could automatically add some keywords for dependabot PR descriptions.

For example, dependabot created this PR description:

Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.1 to 1.3.2.
<details>
<summary>Commits</summary>

- [`754f0c2`](https://github.com/jonschlinkert/mixin-deep/commit/754f0c20e1bc13ea5a21a64fbc7d6ba5f7b359b9) 1.3.2
- [`90ee1fa`](https://github.com/jonschlinkert/mixin-deep/commit/90ee1fab375fccfd9b926df718243339b4976d50) ensure keys are valid when mixing in values
- See full diff in [compare view](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2)
</details>
<details>
<summary>Maintainer changes</summary>

This version was pushed to npm by [doowb](https://www.npmjs.com/~doowb), a new releaser for mixin-deep since your current version.
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mixin-deep&package-manager=npm_and_yarn&previous-version=1.3.1&new-version=1.3.2)](https://help.github.com/articles/configuring-automated-security-fixes)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/iFixit/formy/network/alerts).

</details>

I would like to be able to customize this, or be able to suffix it with


[custom suffix string]

Maybe something like

version: 1
update_configs:
  - package_manager: "javascript"
    directory: "/"
    update_schedule: "daily"
    pr_description:
        suffix: "\nmy custom suffix string"

Hope that makes sense!
@addison-grant
Copy link
Author

addison-grant commented Nov 5, 2019
edited by jeffwidman
Loading

This would probably work for us, too: #2211. I wasn't sure if that or this would be easier to implement.

@rebelagentm
Copy link
Contributor

Thanks for submitting this! We're pretty swamped at the moment, but we'll take this under consideration as soon as we can.

@addison-grant
Copy link
Author

Sounds good

@boomboompower
Copy link

Any updates on this?

@infin8x infin8x transferred this issue from dependabot/feedback Jun 29, 2020
@infin8x infin8x added F: pull-requests Issues about Dependabot pull requests T: feature-request Requests for new features labels Jul 20, 2020
@TheRealWaldo
Copy link

We're also in a position where having a PR and commit message suffix would allow us to use dependabot without changing our messaging standards.

@TheRealWaldo TheRealWaldo mentioned this issue Nov 18, 2020
Closed
@addison-grant
Copy link
Author

I didn't see #1446 before. @TheRealWaldo, I mentioned in a comment above https://github.com/dependabot/feedback/issues/287 as another thing that would solve this, maybe in a more general way.

@TheRealWaldo
Copy link

TheRealWaldo commented Nov 18, 2020
edited
Loading

@addison-grant agreed, could work, but likely to be much more work (and a much longer wait) than adding a suffix field.

@lavigne958
Copy link

Hi, I'll be very interested too in a configuration entry for dependabot to post a new comment in the PR when it opens a new PR, we parse PR comments too.

In our case we don't parse the first message that opens the PR but any message that comes after.

Thank you guys in advance if you could plan that new feature 🙂

flub pushed a commit to getsentry/symbolicator that referenced this issue Mar 9, 2022
ci(danger): Do not require changelogs from dependabot
47574ae 
For plain dependency upgrades that require not changes we normally do
not need any changelog entries.  But not having them fails CI which
renders every dependabot PR a huge hassle.

Sadly we can not customise the dependabot PRs to add a #skip-changelog
marker (see e.g.
dependabot/dependabot-core#2091), so lets
resort to changing the check instead.

There is a risk that someone pushes some changes to such a PR that
does require a changelog.  Hopefully we'll recognise this and do the
right thing anyway.
@flub flub mentioned this issue Mar 9, 2022
Merged
@adambirds adambirds mentioned this issue Apr 7, 2023
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
F: configuration-file F: pull-requests Issues about Dependabot pull requests T: feature-request Requests for new features
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@jeffwidman @infin8x @rebelagentm @TheRealWaldo @addison-grant @boomboompower @lavigne958