I use Dependabot for nearly every project to keep the dependencies up to date automatically.
The problem is, that it creates multiple pull requests when there are various dependencies that need to be upgraded. This is problematic as I use “Push to deploy” in order to deploy code to the servers whenever something is pushed to the main branch of the repository.
So when there are multiple pull requests I had to merge one, wait for the deployment to finish and merge the next one and so on. Regardless the fact this is very time-consuming I also did not want to deploy multiple times to the production server just to update the dependencies.
So when I had to merge multiple Dependabot pull requests I headed over to Envoyer, disabled "Push to deploy", merged the pull requests, re-enabled “Push to deploy” and then I deployed manually.
This just does not feel right …
The updated solution (from 2022)
I've recently changed my Dependabot workflow a bit (again). I've found a better solution that works completely in the browser. So I could merge my Dependabot pull requests on the go.
This GitHub Action Workflow of Hrvey does the trick. The workflow is quite big, so I won't post it here. You can navigate to the repository and follow their installation instructions. The benefit of this workflow: It also checks for status checks of the single Dependabot Pull Requests, and it won't merge Pull Requests with specific labels. But the true winner in my opinion is: I do not need my computer where I have checked out the repository and have the GitHub CLI (plus
gh-combine-prs extension) installed.
The (old) solution
So I went along and installed the extension with:
gh extension install rnorth/gh-combine-prs
And finally I created myself a terminal alias, so I do not need to remember the syntax and parameters each time I want to combine Dependabot pull requests from now on:
alias ghcombine="gh combine-prs --query \"author:app/dependabot\""
That's it! I can now simply run
ghcombine in a GitHub repository folder on my computer in order to combine those Dependabot pull requests into one single "Push to deploy"-friendly pull request.