Honoring changed target branch on rebase #2146
Comments
|
Thanks for this. I'm 100% 👍on it. This is a bit of a niche flow, but Dependabot's domain is small, and it should be able to do its job basically perfectly. It's unexpected that commenting This change isn't totally trivial, however - Dependabot doesn't currently track each pull request's target branch, and will need to start doing so to achieve the above. It also occasionally (ab)uses its rebase logic to deliberately update the target branch on a PR - we'll need to find a smarter solution for that. The work required here is about 4 hours in the main Dependabot backend (which is private). We'll try to pick it up in the next few weeks. |
|
Thanks a lot for the response. I totally see that it's niche and expected the hurdles you mentioned so no hurry. As it can be done manually easily it's more of a quality of life improvement. Just as a side note you might want to consider too Best regards! |
|
Just wanted to say that I bumped into this today also. My target_branch is master, but for some bigger upgrades I'd like to change the target_branch of the dependabot PR to a separate upgrade branch, so I can test the new dependencies in isolation before merging to master. If I change the target branch for the PR manually in GitHub I seem to lose the auto-resolving feature of dependabot (if I do this for multiple dependabot PRs and there are lockfile conflicts). Perhaps this is a niche usecase, but is there any preferred way of handling situations like this? |
|
I agree with @bostrom. I went through the commands, expecting something that would redo the whole process and use the updated branch in the Dependabot dashboard but to no avail. My use-case is Docusaurus, which sends updates for two packages when there is an update to the whole project. My target branch, before updating it was |
Just ran into this today. I will say it is totally not niche, unless I misunderstand how this bot works. The problem is all PRs to my code should be in I don't see how to simply get the same PR into the proper branch. Now its a simple PR and I could just manually do it, but that's not really the point is it? |
|
@jwvanderbeck have you configured the target branch in Dependabot to be |
I just used the normal GitHub options at the top, where you click edit and it lets you change the target branch. Didn't work, Google search led me here :) How do I configure the bot to use a different branch? I don't see anything in the bot commands. |
|
@jwvanderbeck you either use the dashboard or you do put a config file inside your repository. Besides that imho recreate is correctly reseting to the default dependabot target branch. Only rebase should honor the changed branch for the PR. |
|
Ok seems I don't have the dashboard because I never actually signed up for, or added, dependabot. It just submitted a PR automatically from Github because of a security issue. I'll check the config file method. Reason I wanted to do a recreate, on the new branch, was so that CI would run again. |
|
What about allowing the Doing this would be nice: |
infin8x
added
F: pull-requests
definitely interested by this :) |
Is there any update on this? We definitely need something like that. |
|
Currently being burned by this in a not-so-niche use case: 2 interrelated dependencies both published new versions yesterday. ecoAPM/SimpleGPIO#23 depends on ecoAPM/SimpleGPIO#24, which I merged into an "upgrade" branch. I then switched the base branch of ecoAPM/SimpleGPIO#23 to the "upgrade" branch, but there's no way to have Dependabot perform the expected action. I guess I'll just do it manually? |
|
Just blindly merged something to master because dependabot changed target to master. In our workflow we merge everything to a release branch and then we merge them to master. Is that something possible or are we supposed to just merge every pr from dependabot to master directly? |
|
Thought I'd throw my 2 cents in as I'm also having this hinder my workflow. My dependabot configuration target branch is dev for npm packages. But it would seem any PRs raised by dependabot for a security alert are based against master despite the configuration (which I can kind of understand) whereas my development dependencies like sinon for instance have their dependabot PRs raised against the dev branch as expected. |
|
This is one of those forever issues, apparently? I can't add much to the conversation that hasn't been said already, I'm basically just commenting to add my vote that the branch handling of dependabot, especially for security updates which ignores your config, could be improved. |
|
+1 for |
|
+1 for @dependabot rebase |
|
+1 for |
|
+1 for |
You are able to change the target branch for pull requests on Github and when dependabot rebases the PR it defaults back to the original branch. It would be great if dependabot honors the changed target branch for rebase etc. as it would come in usefull for major updates in dependencies. For example the recent angular 8 launch caused 10+ dependencies to be updated for a project all at once with breaking changes on some projects coming from angular 7.
I created a angular 8 migration branch for test purposes and it would be great if you could redirect those Dependency PRs from dependabot this way to another branch without manual merging.
Have a nice day and thanks a lot for a great product!
The text was updated successfully, but these errors were encountered: