Skip to content

Add Dependabot auto-merge workflow and migration script#466

Merged
Marenz merged 3 commits intofrequenz-floss:v0.x.xfrom
Marenz:auto-dependabot-merge
Nov 19, 2025
Merged

Add Dependabot auto-merge workflow and migration script#466
Marenz merged 3 commits intofrequenz-floss:v0.x.xfrom
Marenz:auto-dependabot-merge

Conversation

@Marenz
Copy link
Contributor

@Marenz Marenz commented Nov 11, 2025
edited
Loading

Summary

  • Adds auto-merge workflow for Dependabot PRs using frequenz-floss/dependabot-auto-approve action
  • Includes migration script to create workflow file and disable CODEOWNERS review requirement via GitHub API
  • Splits changes into two commits: reset migration script to template, then add new migration steps

Changes

First commit: Reset cookiecutter/migrate.py to template, removing old migration steps

Second commit:

  • Add create_dependabot_auto_merge_workflow() function
  • Add disable_codeowners_review_requirement() function to update GitHub rulesets
  • Include workflow template in cookiecutter
  • Regenerate golden test files

@Marenz Marenz requested a review from a team as a code owner November 11, 2025 18:37
@github-actions github-actions bot added the part:template Affects the cookiecutter template files label Nov 11, 2025
@Marenz Marenz changed the title auto dependabot merge Add Dependabot auto-merge workflow and migration script Nov 11, 2025
Copilot AI reviewed Nov 11, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds Dependabot auto-merge functionality to streamline dependency updates. It creates a GitHub Actions workflow to automatically merge Dependabot PRs and updates the migration script to create this workflow and disable the CODEOWNERS review requirement for automated merges.

Key changes:

  • Added new auto-dependabot.yaml workflow for automatic Dependabot PR merging
  • Updated migration script to create the workflow and modify GitHub ruleset settings
  • Added/updated lockfile (uv.lock) with project dependencies

Reviewed Changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated 5 comments.

File Description
uv.lock Added complete dependency lockfile with pinned versions
auto-dependabot.yaml (multiple) New GitHub Actions workflow for auto-merging Dependabot PRs
cookiecutter/migrate.py Refactored migration script to create auto-merge workflow and disable CODEOWNERS requirement

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@Marenz Marenz force-pushed the auto-dependabot-merge branch from 7000fbf to 3759886 Compare November 11, 2025 18:41
@Marenz Marenz requested a review from llucax November 11, 2025 18:41
@Marenz Marenz force-pushed the auto-dependabot-merge branch from 3759886 to 12291ef Compare November 12, 2025 15:23
@Marenz
Copy link
Contributor Author

Marenz commented Nov 18, 2025
edited
Loading

While testing in the FCR Repo I found it still didn't work and added the fix you see here, after which it finally worked

@Marenz Marenz force-pushed the auto-dependabot-merge branch from 6f887e0 to c3d5f4d Compare November 18, 2025 09:08
@Marenz
Copy link
Contributor Author

Marenz commented Nov 18, 2025
edited
Loading

Adds auto-merge: 'true' to the Dependabot workflow template.

Migration script fixes:

  • Was skipping existing files instead of updating them
  • Was matching job name auto-merge: instead of parameter auto-merge: 'true'
  • Only checked auto-dependabot.yaml, now searches all workflow files

The script writes the updated workflow file directly - users still need to review, commit with DCO+GPG, and create a PR.

@Marenz Marenz force-pushed the auto-dependabot-merge branch 2 times, most recently from ef2b370 to b9b8def Compare November 18, 2025 09:22
@Marenz
Reset migration script to template
0dcf7c2 
Signed-off-by: Mathias L. Baumann <mathias.baumann@frequenz.com>
llucax
llucax reviewed Nov 18, 2025
View reviewed changes
@Marenz Marenz force-pushed the auto-dependabot-merge branch from b9b8def to 94439fc Compare November 18, 2025 13:34
@github-actions github-actions bot added the part:ci Affects the GitHub workflow and other parts for running CI label Nov 18, 2025
@Marenz
Copy link
Contributor Author

Marenz commented Nov 18, 2025

Updated the branch with some refactoring and cleanup:

  • Refactored the migration script by extracting helper functions (get_default_branch(), find_version_branch_ruleset(), update_ruleset()) for better code organization and error handling
  • Improved error messages with proper manual_step() calls that provide direct GitHub settings URLs when API operations fail
  • Standardized the Dependabot workflow formatting across all templates and golden test files (consistent naming, label changed to tool:auto-merged, YAML formatting)
  • Fixed the release notes - they were accidentally removed in the previous iteration, now properly documenting the new auto-merge feature
  • Removed uv.lock that shouldn't have been committed

llucax
llucax previously approved these changes Nov 19, 2025
View reviewed changes
Copy link
Contributor

@llucax llucax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 small comments, feel free to force-merge if you want to fix them.

cookiecutter/{{cookiecutter.github_repo_name}}/.github/workflows/auto-dependabot.yaml Outdated
- name: Auto-merge Dependabot PR
uses: frequenz-floss/dependabot-auto-approve@3cad5f42e79296505473325ac6636be897c8b8a1 # v1.3.2
with:
github-token: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
Copy link
Contributor

@llucax llucax Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: To avoid any other issues with template interpretation, other workflows actually just wrap the whole file between {% raw %} and {% endraw %}, maybe it would be better to do it in this file too, as it would be rare that we want to use any other template features in it.

cookiecutter/migrate.py Outdated
Comment on lines +167 to +168
except subprocess.CalledProcessError:
return False
Copy link
Contributor

@llucax llucax Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: Print the exception for more context of why it failed?

@llucax llucax added this to the v0.14.0 milestone Nov 19, 2025
This was linked to issues Nov 19, 2025
Auto-merge dependabot updates passing tests #287
Closed
Add auto-dependabot.yaml workflow to repo-config and migrate script #465
Closed
@Marenz
Add Dependabot auto-merge workflow and CODEOWNERS bypass
83bec3e 
- Add auto-dependabot.yaml workflow to auto-merge Dependabot PRs
- Implement migration script functions to create workflow files
- Add GitHub API integration to disable CODEOWNERS review requirement
- Update all cookiecutter templates and golden test files

Signed-off-by: Mathias L. Baumann <mathias.baumann@frequenz.com>
@Marenz
Add release notes for Dependabot auto-merge feature
688abed 
Signed-off-by: Mathias L. Baumann <mathias.baumann@frequenz.com>
@Marenz Marenz force-pushed the auto-dependabot-merge branch from 1693937 to 688abed Compare November 19, 2025 10:56
@Marenz Marenz merged commit 4b1aa9a into frequenz-floss:v0.x.x Nov 19, 2025
6 checks passed
@Marenz Marenz deleted the auto-dependabot-merge branch November 19, 2025 11:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@llucax llucax llucax left review comments

@daniel-zullo-frequenz daniel-zullo-frequenz Awaiting requested review from daniel-zullo-frequenz daniel-zullo-frequenz is a code owner automatically assigned from frequenz-floss/python-sdk-team

Assignees

No one assigned

Labels

part:ci Affects the GitHub workflow and other parts for running CI part:template Affects the cookiecutter template files

Projects

None yet

Milestone

v0.14.0

Development

Successfully merging this pull request may close these issues.

Add auto-dependabot.yaml workflow to repo-config and migrate script Auto-merge dependabot updates passing tests

3 participants

@Marenz @llucax