dependabot-core icon indicating copy to clipboard operation
dependabot-core copied to clipboard
verified publisher icon dependabot

feature request: minimal PR description option/formatting

Open tessr opened this issue 5 years ago • 6 comments

Right now, Dependabot fills the PR description with HTML. This provides a very pretty PR in the Github UI, but plays poorly with git workflows that use the PR description when that PR is merged. We end up with commit messages that look like this:

Screen Shot 2020-04-23 at 11 38 41 AM

This is from https://github.com/tendermint/tendermint/commit/ad9003d448abdb1aeb105025fceb683198ffac7b. If you scroll down, you can even see that the commit message has Dependabot usage instructions in there!

It would be awesome to have a formatting option to use plaintext or even markdown for the PR body, and even more awesome to have a "minimal" option that didn't include Dependabot instructions and other superfluous stuff. This seems similar to https://github.com/dependabot/feedback/issues/287, but not exactly.

Thanks y'all! My team loves Dependabot, and we'd love to see it get even better!

tessr avatar Apr 23 '20 09:04 tessr

Thanks @tessr, awesome to hear that you like dependabot!

We do have some code in dependabot-core to use plaintext or markdown for azure devops and codecommit already, so doing something similar based on a preference for github does not seem that far out.

However, the team is currently swamped scaling up dependabot for github.com, so it might be a while before we get to this.

jurre avatar Apr 23 '20 09:04 jurre

Issue is almost 3 years old now. Any updates?

zachwhaley avatar Feb 24 '23 18:02 zachwhaley

Hi @zachwhaley. No updates to share. But this library is open source and we're open to reviewing any community contributions you may want to share :) For example, investigating how we could reuse the code we already have in place to build plaintext PRs for other platforms would be a good start!

deivid-rodriguez avatar Feb 24 '23 18:02 deivid-rodriguez

It would be nice to have an option to use the branch's 1st commit message for the PR description; the branch's commit message seems to be much more compact.

For example, the 1st commit message from this PRs example would be

build(deps): bump google.golang.org/grpc from 1.28.1 to 1.29.0

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.28.1 to 1.29.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.28.1...v1.29.0)

Signed-off-by: dependabot-preview[bot] <[email protected]>

see https://github.com/tendermint/tendermint/pull/4720/commits/adddf528e2467db72f41823c4da1d30d97f5fd8c

devinrsmith avatar Jul 23 '24 18:07 devinrsmith

I have the same issue.

My projects only use the GitHub option "Allow squash merging" with "Default commit message" set to "Pull request title and description". This works great for human contributed commit messages but works poorly for dependabot. We have adopted the habit of editing dependabot's commit message on merge, but new team members aren't aware of this gotcha and so the large unreadable HTML blob makes its way in every once in a while.

Screenshot from 2024-08-31 07-42-28

I propose the following change to dependabot to make this this more compatible with this GitHub option.

  1. Make the dependabot pull request title and description match the dependabot commit message title and description so that it is ready to merge as-is.
  2. Make dependabot immediately comment on the pull request with the same information that is already in the HTML blob.

To me, this is the best of both worlds as the user gets all the same information, including the dependabot usage instructions, as well as a more reasonable final commit message.

If the above idea is too disruptive for all users, then the decision could depend on the repository's options and then dependabout could make a choice about where to put the HTML blob (either in the pull request description or the first comment). However, IMO, a consistent behavior would be better for multi-repository users.

As a real life example, I feel like this proposal matches how the DefinitelyTyped bot works. If you browse the pull requests at https://github.com/DefinitelyTyped/DefinitelyTyped/pulls, then you will see that all PRs have a first comment coming from a bot with lots of information. Dependabot could adopt this model.

jdufresne avatar Aug 31 '24 14:08 jdufresne

I concur that making an immediate comment with the content currently in the description would be great - the comment could be edited on rebase, etc. just like the description is (I'm pretty sure I've seen this pattern with other bots as well).

luxaritas avatar Oct 11 '24 21:10 luxaritas

Is this alive ?

luqasz avatar Dec 02 '24 13:12 luqasz

To pile on, this is also used in some places in ADO now as well, and it does the same, filling ADO PR descriptions with the full max allowed 4000/4000 characters. Many teams now have process in place that PRs are required to follow a specific template, with specific content inside about risk, testing, etc. The PRs created with this content then have to be hand edited and someone has to strip out all the html to make room for their own template content.

just use the minimal amount of info necessary (in markdown, preferably) for the PR, and link out to any further info. there doesn't need to be html styling, etc in the PR content.

gardnerjr avatar Oct 16 '25 18:10 gardnerjr