Skip to content

fix: improve dependabot auto-merge with better error handling #863

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-bot merged 4 commits into from
Dec 24, 2025
Merged

fix: improve dependabot auto-merge with better error handling #863

openshift-merge-bot merged 4 commits into from
Dec 24, 2025

Conversation

@MitaliBhalla
Copy link
Contributor

@MitaliBhalla MitaliBhalla commented Dec 9, 2025

What type of PR is this?

  • fix (Bug Fix)
  • feat (New Feature)
  • docs (Documentation)
  • test (Test Coverage)
  • chore (Clean Up / Maintenance Tasks)
  • other (Anything that doesn't fit the above)

What this PR does / Why we need it?

  • Use sGitHub API directly instead of gh CLI
  • Adds detailed error logging and fallback behavior
  • Adds informative comments to PRs when auto-merge fails
  • Don't fail workflow if auto-merge permissions are insufficient

Pre-checks (if applicable)

  • [x ] Ran unit tests locally
  • Validated the changes in a cluster
  • Included documentation changes with PR
  • Backward compatible

/label tide/merge-method-squash

@openshift-ci openshift-ci bot added the tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. label Dec 9, 2025
@openshift-ci openshift-ci bot requested review from a7vicky and feichashao December 9, 2025 02:59
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 9, 2025
@MitaliBhalla MitaliBhalla force-pushed the fix-dependabot-permissions branch 2 times, most recently from c2e20c5 to 9456fce Compare December 9, 2025 03:01
@codecov-commenter
Copy link

codecov-commenter commented Dec 9, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 52.91%. Comparing base (c4b48ed) to head (e8bbd0e).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #863   +/-   ##
=======================================
  Coverage   52.91%   52.91%           
=======================================
  Files          86       86           
  Lines        6525     6525           
=======================================
  Hits         3453     3453           
  Misses       2610     2610           
  Partials      462      462
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

feichashao
feichashao reviewed Dec 9, 2025
View reviewed changes
a7vicky
a7vicky reviewed Dec 19, 2025
View reviewed changes
a7vicky
a7vicky reviewed Dec 19, 2025
View reviewed changes
@MitaliBhalla
fix: improve dependabot auto-merge workflow
ff4340f 
- Add missing checkout step to fix 'fatal: not a git repository' error
- Add required permissions (metadata: read, actions: read) for auto-merge
- Improve error handling with GitHub API and graceful fallback behavior
- Add informative comments to PRs when auto-merge fails due to permissions
- Ensure workflow doesn't fail when auto-merge permissions are insufficient

Fixes dependabot auto-merge workflow failures and provides better user experience.
@MitaliBhalla
fix: restrict dependabot workflow to upstream repository only
47c752f 
- Add repository check to prevent workflow from running on forks
- Fixes unwanted failure notifications on personal forks
- Ensures workflow only runs on openshift/backplane-cli where intended
@MitaliBhalla
security: improve token handling in dependabot workflow
4a2455d 
- Use environment variable reference instead of direct secret interpolation
- Add explicit comments about automatic token masking
- Add silent flag to curl commands to reduce log verbosity
- Addresses security concerns about token exposure in public repo logs

Co-authored-by: feichashao
@MitaliBhalla
refactor: remove API version header from GitHub API calls
e8bbd0e 
- Remove X-GitHub-Api-Version header to avoid version binding
- GitHub REST API is backward compatible and version header is optional
- Simplifies API calls and reduces maintenance overhead
@MitaliBhalla MitaliBhalla force-pushed the fix-dependabot-permissions branch from 6f17572 to e8bbd0e Compare December 22, 2025 04:57
@a7vicky
Copy link
Member

a7vicky commented Dec 22, 2025
edited
Loading

/lgtm

1 similar comment
@feichashao
Copy link
Contributor

feichashao commented Dec 24, 2025

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 24, 2025
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 24, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: a7vicky, feichashao, MitaliBhalla

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:
  • OWNERS [MitaliBhalla,feichashao]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 24, 2025

@MitaliBhalla: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-merge-bot openshift-merge-bot bot merged commit 7414eeb into openshift:main Dec 24, 2025
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@feichashao feichashao feichashao left review comments

+1 more reviewer

@a7vicky a7vicky a7vicky left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@feichashao feichashao

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@MitaliBhalla @codecov-commenter @a7vicky @feichashao