@openish-u/dependabot-pr-manager

v5.0.1

A script to manage Dependabot PRs

Downloads

92

Readme

dependabot-pr-manager

Installation

Are you reading this on npm? Check out the full and updated documentation on GitHub.

Install it as a devDependency. Ex:

npm i @openish-u/dependabot-pr-manager --save-dev

Motivation

dependabot-pr-manager is a utility to manage Dependabot PRs. It groups the Dependabot PRs on the repository and creates a single PR with the updated dependencies. It is useful when you have multiple Dependabot PRs and want to merge them all at once.

What does it do?

dependabot-pr-manager has two main scripts: merge-dependabot-prs and close-dependabot-prs.

  • merge-dependabot-prs groups all Dependabot PRs into a single PR. It does not merge that PR automatically, giving you the opportunity to review/update the changes before merging.
  • close-dependabot-prs closes all Dependabot PRs.

See the How to Use section for more information on how to use the dependabot-pr-manager library in your CI pipeline.

How to Use

You can use the dependabot-pr-manager library in your CI pipeline to automatically manage and merge Dependabot PRs. Below is an example of how to set up a GitHub Action to run the dependabot-pr-manager script on the first day of every month (at 09am UTC time) and allow manual triggering via a GitHub button. Additionally, it includes a job to close the Dependabot PRs when the created PR is commented with "[dependabot-pr-manager] close prs".

Example file: .github/workflows/dependabot-pr-manager.yml

name: Merge and Close Dependabot PRs

on:
  schedule:
    - cron: '0 9 1 * *' # Runs at 09am (UTC) on the first day of every month (useful if your Dependabot runs monthly on the first day at 08am). Change to fit your needs.
  workflow_dispatch: # Allows manual triggering via GitHub button
  issue_comment:
    types: [created]

jobs:
  merge-dependabot-prs:
    if: github.event_name == 'workflow_dispatch' || github.event_name == 'schedule'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Set up Node.js
        uses: actions/setup-node@v2
        with:
          node-version: '18'

      - name: Install Yarn
        run: npm install -g yarn

      - name: Install dependencies
        run: yarn install

      - name: Set up Git
        run: |
          git config --global user.name "dependabot[bot]" # change this to the user that will merge the PRs
          git config --global user.email "49699333+dependabot[bot]@users.noreply.github.com" # change this to the email of the user that will merge the PRs

      - name: Run merge-dependabot-prs
        run: |
          npx merge-dependabot-prs \
            --repoUrl=https://github.com/open-ish/utility.git \
            --combinedBranch=ci/combined-dependabot-updates \
            --mainBranch=main \
            --githubToken=${{ secrets.YOUR_GIT_HUB_TOKEN }} \
            --repoOwner=open-ish \
            --repoName=utility

  close-dependabot-prs:
    if: github.event.issue.pull_request && contains(github.event.comment.body, '[dependabot-pr-manager] close prs')
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Set up Node.js
        uses: actions/setup-node@v2
        with:
          node-version: '18'

      - name: Install Yarn
        run: npm install -g yarn

      - name: Install dependencies
        run: yarn install

      - name: Run close-dependabot-prs
        run: |
          npx close-dependabot-prs \
            --githubToken=${{ secrets.YOUR_GIT_HUB_TOKEN }} \
            --repoOwner=open-ish \
            --repoName=utility

  • merge-dependabot-prs Job: This job runs the merge-dependabot-prs script to group Dependabot PRs into one.
  • close-dependabot-prs Job: This job runs the close-dependabot-prs script to close the Dependabot PRs when the pull request created by dependabot-pr-manager is commented with '[dependabot-pr-manager] close prs'.
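
In the workflow above, the close-dependabot-prs job starts for a matching comment from any account able to comment on a pull request, and it then runs with the secret token. The following is an added example, not part of the package's documentation: a variant of that job that only accepts the comment from trusted accounts, limits the built-in GITHUB_TOKEN, and passes the secret through an environment variable. The allow-list of author associations and the variable name DPM_GITHUB_TOKEN are assumptions to adapt.

```yaml
name: Close Dependabot PRs (restricted trigger)

on:
  issue_comment:
    types: [created]

# The built-in GITHUB_TOKEN only needs to read the repository for checkout;
# the PR operations use the separate secret passed to the CLI.
permissions:
  contents: read

jobs:
  close-dependabot-prs:
    # Weak (as in the workflow above): a comment from any account matches.
    #   if: github.event.issue.pull_request && contains(github.event.comment.body, '[dependabot-pr-manager] close prs')
    # Corrected: additionally require a trusted commenter (assumed allow-list).
    if: >-
      github.event.issue.pull_request &&
      contains(github.event.comment.body, '[dependabot-pr-manager] close prs') &&
      contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false # do not leave the token in .git/config

      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '18'

      - name: Install Yarn
        run: npm install -g yarn

      - name: Install dependencies
        run: yarn install

      - name: Run close-dependabot-prs
        env:
          # Hypothetical variable name; keeps the secret out of the script text.
          DPM_GITHUB_TOKEN: ${{ secrets.YOUR_GIT_HUB_TOKEN }}
        run: |
          npx close-dependabot-prs \
            --githubToken="$DPM_GITHUB_TOKEN" \
            --repoOwner=open-ish \
            --repoName=utility
```

Scope the secret itself to the minimum the scripts need: it only has to create, comment on and close pull requests in this one repository.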

Package params

  • --repoUrl (required): The repository URL;
  • --combinedBranch (required): The branch that will be created with the combined PRs;
  • --mainBranch (required): The main branch of the repository;
  • --githubToken (required): The GitHub token;
  • --repoOwner (required): The repository owner;
  • --repoName (required): The repository name;
  • installDepsCommand: The command to install the dependencies. Default: yarn install
  • filesToCommit: Files to be committed on the pull request. Default: package.json yarn.lock

Examples

See this PR example

  • Grouping Dependabot PRs

  • Closing Dependabot PRs after comment [dependabot-pr-manager] close prs
