Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(mergify): automatically merge bot dependency upgrades #1420

Merged
merged 3 commits into from
Apr 28, 2021

Conversation

liangyuanruo
Copy link
Contributor

@liangyuanruo liangyuanruo commented Apr 28, 2021

This PR instructs the mergify bot to automatically merge pull requests from

  1. dependabot
  2. Snyk.io

Pull requests are automatically merged if

  1. The proposed upgrade is a non-major version change (dependabot only)
  2. All existing CI checks pass

Closes #1418

@LoneRifle
Copy link
Contributor

I had a think about this - I want to try to dump all the dependabot-related commits into its own branch, so mergify should be directed to accommodate that too. Given that there is other work that goes on in develop, we should incorporate the Auto Update GitHub Action too.

With that in place, we can squash and merge dependency updates just once per release cycle, prior to pre-release testing. This gives us the automation from mergify while also keeping commit log noise to a minimum.

wdyt?

This PR instructs the mergify bot to automatically merge pull requests from

1. dependabot
2. Snyk.io

Pull requests are automatically merged if

1. The proposed upgrade is a non-major version change
2. All existing CI checks pass

Closes #1418
@liangyuanruo
Copy link
Contributor Author

@LoneRifle don't merge yet, testing rule validity

@liangyuanruo
Copy link
Contributor Author

@LoneRifle don't merge yet, testing rule validity

ok it should be good to go

@mantariksh
Copy link

as per Forms, we can actually rely on branch protections to ensure that PRs don't get merged unless all CI checks pass, rather than having to keep the mergify config in sync with the CI steps

@liangyuanruo
Copy link
Contributor Author

as per Forms, we can actually rely on branch protections to ensure that PRs don't get merged unless all CI checks pass, rather than having to keep the mergify config in sync with the CI steps

Although you're right that it won't affect this repository, it's possible that someone cloning the repository will not configure their branch protections properly. Usually explicit is better than implicit, and we should also avoid relying on side effects.

Copy link
Contributor

@LoneRifle LoneRifle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

eh, lgtm.

@mantariksh
Copy link

@liangyuanruo okay, but tbh sounds like a lot of work just to optimise for a hypothetical person cloning the repo

@liangyuanruo liangyuanruo merged commit a655baf into develop Apr 28, 2021
@liangyuanruo liangyuanruo deleted the feat/mergify branch April 28, 2021 06:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Use mergify to automatically approve and merge automated PRs
3 participants