Merge Dependabot PRs instead of closing

This PR changes the way Dependabot PR's appear in a repository history. Currently their changes are applied only to the base branch and the PR itself is closed. Instead of closing the PR we can reset its branch to the updated base branch. Github will detect this change and mark the PR as "merged" instead of "closed". This technique has been tested on my personal repo: https://github.com/copernik-eu/log4j-plugins/actions/runs/7219181183
apache · Dec 15, 2023 · 4691d0b · 4691d0b
1 parent 6aa28cb
commit 4691d0b
Showing 1 changed file with 21 additions and 25 deletions.
diff --git a/.github/workflows/merge-dependabot-reusable.yaml b/.github/workflows/merge-dependabot-reusable.yaml
@@ -55,20 +55,12 @@ jobs:
           DEPENDENCY_NAMES: ${{ steps.dependabot-metadata.outputs.dependency-names }}
           DEPENDENCY_VERSION: ${{ steps.dependabot-metadata.outputs.new-version }}
 
-      - name: Download patch
-        shell: bash
-        run: wget "$PATCH_URL" -O /tmp/patch
-        env:
-          PATCH_URL: ${{ github.event.pull_request.patch_url }}
-
       - name: Checkout repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11   # 4.1.1
         with:
-          ref: ${{ steps.dependabot-metadata.outputs.target-branch }}
-
-      - name: Apply patch
-        shell: bash
-        run: git apply /tmp/patch
+          ref: ${{ github.head_ref }}
+          # Must include the merge-base between head and target branch.
+          depth: 32
 
       - name: Set up Java & GPG
         uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93   # 4.0.0
@@ -83,6 +75,18 @@ jobs:
           server-password: NEXUS_PASSWORD
           gpg-private-key: ${{ secrets.GPG_SECRET_KEY }}
 
+      - name: Rebase onto ${{ github.base_ref }}
+        shell: bash
+        run: |
+          git config user.name "ASF Logging Services RM"
+          git config user.email [email protected]
+          # Prepare commit
+          git fetch origin "+refs/heads/$BASE:refs/remotes/origin/$BASE"
+          git rebase "origin/$BASE"
+          git reset HEAD~1
+        env:
+          BASE: ${{ github.base_ref }}
+
       - name: Find the release version major
         shell: bash
         run: |
@@ -127,18 +131,10 @@ jobs:
       - name: Add & commit changes
         shell: bash
         run: |
-          git add .
-          git config user.name "ASF Logging Services RM"
-          git config user.email [email protected]
-          git commit -S -a -m "Update \`$DEPENDENCY_NAME\` to version \`$DEPENDENCY_VERSION\` (#$PR_ID)"
-          git push origin
-          COMMIT_ID=$(git rev-parse HEAD)
-          echo "COMMIT_ID=$COMMIT_ID" >> $GITHUB_ENV
+          git commit -S --amend -a -m "Update \`$DEPENDENCY_NAME\` to version \`$DEPENDENCY_VERSION\` (#$PR_ID)"
+          # First push to base branch
+          git push origin "HEAD:$BASE"
+          # Update PR branch: Github will close it and mark as merged
+          git push -f
         env:
-          PR_ID: ${{ github.event.pull_request.number }}
-
-      - name: Close the PR
-        run: gh pr close "$PR_URL" -c "Changes are applied by CI in $COMMIT_ID"
-        env:
-          PR_URL: ${{ github.event.pull_request.html_url }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          BASE: ${{ github.base_ref }}