Combined updates with Dependabot¶
GitHub’s Dependabot tool is excellent. It periodically checks for updates in your requirements, bumps them, and then opens a PR to run your tests and check that all was passing.
Yay! 💃
It’s bothered my for a while that it’s too noisy though. For a big project with lots of dependencies you get a lot of commits in the history which aren’t much more than book-keeping.
I’ve looked at batching the updates with pip
— which is normally fine, but when you get a failure you need to work out which package it was that misbehaved, and TBH I’d much rather leverage someone else’s tool that maintain even a simple GitHub action. (As ever, my favourite software is No software.)
I finally opened up the Dependabot docs, to see if there was a way around this. Sure enough, you can set a target-branch option to have the individual updates applied there.
target-branch: "dependabot/combined"
I can then keep that rebased on main
and make a combined updates PR periodically as desired.
That’s more or less as smooth as I need it. 🦄