feat: add dependabot-rebase workflow#125
Conversation
Triggers on push to main and comments @dependabot rebase on any Dependabot PRs that have fallen behind, unblocking auto-merge when strict status checks are enabled. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughAdded a GitHub Actions workflow that automatically triggers Dependabot to rebase pull requests when they fall behind the main branch. The workflow generates a GitHub App token, identifies open Dependabot PRs, calculates how far behind each is, and posts a rebase command for those needing updates. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
There was a problem hiding this comment.
Pull request overview
Adds automation to keep Dependabot PRs up-to-date after merges to main, helping unblock auto-merge when branch protection requires strict up-to-date checks.
Changes:
- Introduces a new GitHub Actions workflow that runs on pushes to
main. - Uses a GitHub App token to detect open Dependabot PRs that are behind and posts
@dependabot rebaseto trigger rebases.
| fi | ||
|
|
||
| while IFS=' ' read -r PR_NUMBER HEAD_REF; do | ||
| BEHIND=$(gh api "repos/$REPO/compare/main...$HEAD_REF" \ |
There was a problem hiding this comment.
HEAD_REF can contain slashes for Dependabot branches (e.g. dependabot/github_actions/...). In the compare API call, the head ref is part of the URL path, so unescaped / will break the request and leave BEHIND empty (causing the step to fail or skip rebases). URL-encode HEAD_REF (or switch to an API/GraphQL lookup that doesn’t require embedding the ref in the path) before calling repos/$REPO/compare/....
| BEHIND=$(gh api "repos/$REPO/compare/main...$HEAD_REF" \ | |
| ENCODED_HEAD_REF=$(python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.argv[1], safe=""))' "$HEAD_REF") | |
| BEHIND=$(gh api "repos/$REPO/compare/main...$ENCODED_HEAD_REF" \ |
| echo "PR #$PR_NUMBER ($HEAD_REF) is $BEHIND commit(s) behind — requesting rebase" | ||
| gh pr comment "$PR_NUMBER" --repo "$REPO" \ | ||
| --body "@dependabot rebase" |
There was a problem hiding this comment.
This will add a new @dependabot rebase comment on every push to main while a PR remains behind, which can spam PR timelines. Consider making the operation idempotent (e.g., edit the last bot comment instead of creating a new one, or check for an existing recent @dependabot rebase comment before posting).
| echo "PR #$PR_NUMBER ($HEAD_REF) is $BEHIND commit(s) behind — requesting rebase" | |
| gh pr comment "$PR_NUMBER" --repo "$REPO" \ | |
| --body "@dependabot rebase" | |
| EXISTING_REBASE_COMMENT=$(gh api "repos/$REPO/issues/$PR_NUMBER/comments?per_page=100" \ | |
| --jq 'map(select(.body == "@dependabot rebase")) | length') | |
| if [[ "$EXISTING_REBASE_COMMENT" -gt 0 ]]; then | |
| echo "PR #$PR_NUMBER ($HEAD_REF) is $BEHIND commit(s) behind — rebase already requested" | |
| else | |
| echo "PR #$PR_NUMBER ($HEAD_REF) is $BEHIND commit(s) behind — requesting rebase" | |
| gh pr comment "$PR_NUMBER" --repo "$REPO" \ | |
| --body "@dependabot rebase" | |
| fi |



Summary
dependabot-rebase.ymlworkflow that triggers on push tomainand comments@dependabot rebaseon behind Dependabot PRsstrict: truebranch protectionTest plan
@dependabot rebaseon PR chore(deps): bump SonarSource/sonarqube-scan-action from 7.0.0 to 7.1.0 #114🤖 Generated with Claude Code
Summary by CodeRabbit