github-action-merge-dependabot
Add support for dependabot's compatibility score
Prerequisites
- [X] I have written a descriptive issue title
- [X] I have searched existing issues to ensure the feature has not already been requested
🚀 Feature Proposal
Description
It would be nice to be able to use dependabot's compatibility score when deciding whether to merge a PR or not.
Notes
There are some reports of this not working as expected and returning unknown instead of the compatibility score for all PRs, but as far as I tested some PRs do have a compatibility score and it seems to be working just fine. Those reports are probably just related to the update not having the 5 candidates needed for the score, as mentioned in this comment.
Following are some recent PRs with compatibility score being shown: https://github.com/nearform/the-fastify-workshop/pull/626 https://github.com/dependabot/fetch-metadata/pull/270
Motivation
No response
Example
No response
https://github.com/dependabot/fetch-metadata/pull/270. This PR has a compatibility score badge 95% in the body of the PR, but the output of the fetch-metadata action shows compatibility score 0. https://github.com/nearform/the-fastify-workshop/actions/runs/3180518436/jobs/5184208481#step:2:23
dependabot/fetch-metadata#270. This PR has a compatibility score badge 95% in the body of the PR, but the output of the fetch-metadata action shows compatibility score 0. https://github.com/nearform/the-fastify-workshop/actions/runs/3180518436/jobs/5184208481#step:2:23
That's because compat-lookup wasn't set before.
Understood. We need to think about this a little bit though, in terms of the workflow. I mean, if you set a score value and it's not satisfied, what happens? I guess the PR is not merged, but then what should we do with it? Does dependabot update the score over time? Basically we need to understand a bit the workflow and what users should expect when using the compat score.
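
One way to gate auto-merge on the score discussed in this thread, as an added example that is not code from this issue or from github-action-merge-dependabot. It uses the `compat-lookup` input and `compatibility-score` output of `dependabot/fetch-metadata`; the workflow name, the threshold of 80 and the choice to leave a failing PR open for manual review are assumptions.

```yaml
# Added example (hypothetical workflow, not the project's own).
name: dependabot-compat-gate
on: pull_request

permissions:
  contents: write
  pull-requests: write

jobs:
  gate:
    runs-on: ubuntu-latest
    # Only act on PRs opened by Dependabot.
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    env:
      MIN_SCORE: "80"   # assumed threshold, tune per repository
    steps:
      - name: Fetch Dependabot metadata
        id: meta
        uses: dependabot/fetch-metadata@v2
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          compat-lookup: true   # without this the score output is 0, as seen in the thread

      - name: Compare score with threshold
        id: decide
        env:
          # Passed through env so the value is never interpolated into the script.
          SCORE: ${{ steps.meta.outputs.compatibility-score }}
        run: |
          # Fail closed: empty or non-integer output counts as 0 (unknown).
          case "$SCORE" in
            ''|*[!0-9]*) SCORE=0 ;;
          esac
          if [ "$SCORE" -ge "$MIN_SCORE" ]; then
            echo "merge=true" >> "$GITHUB_OUTPUT"
          else
            echo "merge=false" >> "$GITHUB_OUTPUT"
            echo "::notice::compatibility score $SCORE is below $MIN_SCORE, leaving PR for manual review"
          fi

      - name: Enable auto-merge
        if: steps.decide.outputs.merge == 'true'
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Because an unknown score is reported as 0, this gate treats "no score yet" the same as "low score" and does not merge.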