Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow fetch-metadata to run on a PR even if it has additional commits… #166

Merged
merged 2 commits into from
Feb 28, 2022

Conversation

mwaddell
Copy link
Contributor

…, as long as the 0th one was added by dependabot and is verified.

…, as long as the 0th one was added by dependabot and is verified.
@mwaddell mwaddell requested a review from a team as a code owner February 26, 2022 19:42
@phillipuniverse
Copy link

Just started seeing this on my PRs as well with the latest 1.2.1 on a PR that I had a new commit on top of:

Warning: It looks like this PR has contains commits that aren't part of a Dependabot update. Try using '@dependabot rebase' to remove merge commits or '@dependabot recreate' to remove any non-Dependabot changes.
Error: PR is not from Dependabot, nothing to do.

image

IMO the existing warning makes a lot of sense, very informative. Just would be nice to not error and instead ignore it. I see the conversation on #137 (comment) about it too.

For completeness, my GitHub action:

name: Dependabot auto-approve
on: pull_request_target
permissions:
  pull-requests: write

# From the docs at https://github.com/dependabot/fetch-metadata#enabling-auto-merge
jobs:
  dependabot:
    runs-on: ubuntu-latest
    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
    steps:
      - name: Dependabot metadata
        id: metadata
        uses: dependabot/[email protected]
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      - name: Auto-approve minor or patch updates
        if: |
          steps.metadata.outputs.update-type == 'version-update:semver-minor'
                || steps.metadata.outputs.update-type == 'version-update:semver-patch'
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

Copy link
Contributor

@brrygrdn brrygrdn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Per discussion here, this check is highly defensive and it doesn't make sense to maintain it as it's causing friction in a lot of normal usage patterns, not least including just updating with the target branch via the UI.

Let's remove it as it's hindering more than it is helping.

@brrygrdn brrygrdn merged commit a30bbbb into dependabot:main Feb 28, 2022
@brrygrdn brrygrdn mentioned this pull request Feb 28, 2022
@mwaddell mwaddell deleted the allow-other-commits branch March 1, 2022 15:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants