Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow configuring by file so that dependabot creates draft pull requests #9169

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Allow configuring by file so that dependabot creates draft pull requests #9169

wants to merge 1 commit into from

Conversation

hfvmarques
Copy link

@hfvmarques hfvmarques commented Feb 29, 2024
edited

Description

What?

This PR adds the possibility that, on dependabot.yml file, the user can choose if dependabot creates draft pull requests by default instead of review for review ones

Why?

Depending on the repository, dependabot creates a lot of pull requests that, not necessarily, gets reviewed immediately. So they stay there ready for review until someone goes, analyse the changelog of the dependency and then decides to approve it or merge it.

How?

  • changing the file parser so that it knows how to identify this new parameter, which is draft: true,
  • changing github pull request creator so that it creates the pull request with draft: false by default;
  • changing github pull request creator so that it creates a pull request with draft: true if that's the case;

Tests

  • Automated;
  • Manual.

Observations

I don't know to test this manually and would appreciate if someone could help me with it.
This is my first PR in this repo so I hope it's OK the way that I described it and the changes I made in code.

Resolves #1291

@hfvmarques hfvmarques requested a review from a team as a code owner February 29, 2024 14:56
@yeikel
Copy link
Contributor

yeikel commented Mar 14, 2024

Hey there, I think that your "Why" is not strong enough

Dependabot supports open-pull-requests-limit for this

I believe that this is very limited use case and you can probably accomplish this using a custom Gh action workflow in the meantime. Ie : if user == dependabot -> set the pr as draft

@hfvmarques
Copy link
Author

Hey there, I think that your "Why" is not strong enough

Dependabot supports open-pull-requests-limit for this

I believe that this is very limited use case and you can probably accomplish this using a custom Gh action workflow in the meantime. Ie : if user == dependabot -> set the pr as draft

Yeah, sure, I could accomplish it in other ways, and that's what makes development beautiful.

But why not give that opportunity and ease? Dependabot has a lot of ways to do a lot of things, including what you suggested with the pull request limit, and that's a strangle in my opinion.

I think that the possibility to open draft pull requests should be available. But I'm not the one that makes decisions here.

@yeikel
Copy link
Contributor

yeikel commented Mar 15, 2024

Hey there, I think that your "Why" is not strong enough

Dependabot supports open-pull-requests-limit for this

I believe that this is very limited use case and you can probably accomplish this using a custom Gh action workflow in the meantime. Ie : if user == dependabot -> set the pr as draft

Yeah, sure, I could accomplish it in other ways, and that's what makes development beautiful.

But why not give that opportunity and ease? Dependabot has a lot of ways to do a lot of things, including what you suggested with the pull request limit, and that's a strangle in my opinion.

I think that the possibility to open draft pull requests should be available. But I'm not the one that makes decisions here.

The problem is that, as I mentioned, the "why" is not strong enough. Just because a pull request is created, it doesn't make it compulsory to be reviewed and merged. It is perfectly fine and valid to leave pull requests open and not review them immediately when they are created by bots

More configuration options are not necessarily better as it can lead to feature creep, so let's wait and see what the community thinks

@hfvmarques
Copy link
Author

The problem is that, as I mentioned, the "why" is not strong enough. Just because a pull request is created, it doesn't make it compulsory to be reviewed and merged. It is perfectly fine and valid to leave pull requests open and not review them immediately when they are created by bots

More configuration options are not necessarily better as it can lead to feature creep, so let's wait and see what the community thinks

You're correct. I should've raised this discussion as an issue before going into coding.

@hfvmarques hfvmarques mentioned this pull request Mar 21, 2024
Open
@hfvmarques
Copy link
Author

@yeikel there is an issue for this already #1291

@yeikel
Copy link
Contributor

yeikel commented Mar 22, 2024

@yeikel there is an issue for this already #1291

Ah, thanks for the context. It seems that there are more use cases to justify this

Let's see what the dependabot thinks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Configure dependabot to create draft PRs
2 participants
@hfvmarques @yeikel