Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

auto-update confuses dependabot #14

Open
Zemnmez opened this issue Jul 8, 2022 · 5 comments
Open

auto-update confuses dependabot #14

Zemnmez opened this issue Jul 8, 2022 · 5 comments
Assignees

Comments

@Zemnmez
Copy link

Zemnmez commented Jul 8, 2022

Hey there :) this is a really awesome action! only issue is that dependabot stops rebasing its PRs if they have any non-dependabot commits. Is it possible to make this exclude some set of authors?

Example:

zemn-me/monorepo#520

@tibdex
Copy link
Owner

tibdex commented Jul 9, 2022

Hi!

Why do you need dependabot PRs to be rebased by the dependabot app if auto-update already updates them?

@Zemnmez
Copy link
Author

Zemnmez commented Jul 13, 2022

Hi there @tibdex! So Dependabot often gets into situations in which github / git's automatic merging is not possible or not enough. For example, if the main branch updates a dependency lib.js to 1.2.0 and Dependabot wants to modify that same dependency Dependabot's PR becomes not mergable via normal methods, because the lock file is complicated.

Because of this, Dependabot automatically rebases itself against the branch every time it runs, and resolves these issues automatically. In the Javascript ecosysem, tools like npm and yarn detect conflict markers and merge them.

In order to prevent dependabot from breaking a change someone else has contributed to, it stops this logic as soon as it detects any change that isn't from dependabot:

image

This eventually gets dependabot in a broken state where either the normal logic cannot execute to rebase the PR, or as pictured, the change needs to be updated to a new version and it cannot because it contains foreign commits.

Thanks!

@stefreak
Copy link

stefreak commented Aug 23, 2022

@Zemnmez Great explanation why you would want to do that!

You can ignore dependabot changes in your workflow. just change the push trigger to:

push:
  branches-ignore:
    - dependabot/**

Maybe this should be changed in the example workflow.

EDIT: Unfortunately, this is not a working workaround. The auto-update will always paginate through all pull requests. So the filter needs to be implemented in auto-update. Sorry for the confusion

@psteinroe
Copy link

same issue for renovate 👍

@Zemnmez
Copy link
Author

Zemnmez commented Oct 29, 2023 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants