Add GitHub action to auto merge dependabot and pyup security updates if all tests pass.

Description

What are you proposing? How should it be implemented?

I propose to add a new GitHub action or job that will auto merge pull requests from the pyup bot and the dependabot should the PR so created have no merge conflicts with master and all tests also pass.

This will be very similar to how pre-commit tool versions in the repo root are kept up to date.

Rationale

Why should this feature be implemented?

This would make updating requirements easier and more automated and would likely also make the project more secure. The tests are used to make the decision to merge updates from dependabot and pyup right now anyway.

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 5 (5 by maintainers)

Top GitHub Comments

1 reaction
Andrew-Chen-Wang commented, Sep 28, 2020

@browniebroke You can just go into GitHub marketplace and add dependabot-preview. Then you can select the repo, select which requirements files you want, choose the labels you want, and it’ll auto update, just like how pyup does it. You can see the outcome here where dependabot just litters my repo with updates to botocore and boto3 lmao.

You can find more info on configuring the auto merge here: https://dependabot.com/docs/config-file/#automerged_updates

If I’m not wrong, since GitHub bought dependabot, I think you don’t even need to register in dependabot. You can just create their .dependabot.yaml file… somewhere… I can’t remember.

0 reactions
Andrew-Chen-Wang commented, Nov 2, 2020

I think this issue can be closed with the comments from #2872
