[Feature request] Blacklist labels (ignoring dependabot/greenkeeper PRs)

[davidpaulsson]

I've seen many discussions on the whitelist label work (👏) but is there a plan to introduce a label blacklist as well?

Our team would like to be notified about new PRs on our different repositories, but with dependabot enabled it's WAY to spammy.

[welcome[bot]]

Thanks for opening this issue! If you would like to help implement an improvement, read more about contributing and consider submitting a pull request.

[SimplyPhy]

Big upvote on this from me -- dependabots spam our Slack and make the integration feel like more of a hassle than anything. We definitely need a way to prevent them from generating messages in Slack.

[potiuk]

@SimplyPhy @davidpaulsson, @huehnerlady, @timmyers , @rafeca, @exKAZUu, @bmesuere, @flavioribeiro, @nathanhleung, @at-ishikawa - just submitted PR for that one. I hope it's going to be ready to merge and released quickly.

[dep]

@potiuk Looks like your PR is blocked. :(

We are currently not accepting any contributions to this app. You can raise a feature request from here

Lame. Still need this.

[RawandKurdy]

dependabot is way too spammy, we need this.

[dialex]

My team was forced to delete the GitHub Slack integration as soon as we enabled dependabot. Every day he have ~5 PRs/notifications. Creating a separate channel for it is not a solution because it will be a spam channel and no one will check it. This is a loss of productivity because now we have to manually ping each other when there's a PR from a human that needs review.

[hellosagar]

is this feature done?

[pond]

It's been almost 3 years now. Someone even submitted a PR. What gives?!

[monsieurleberre]

Hello, can you please let us know if there is an update on the deployment of this feature?

[benatdelta]

Our team is still waiting for this feature

[alec-petersen]

@sanjeev9160 @ashokirla Would it be possible to get an update on the progress of this feature?

[randyshoopman]

Maybe not ideal but if Github added the ability to default labels on PRs via pull_request_template.md then we could use the label filter feature of the slack integration to only show PRs from non bots. Just throwing that out there

[andreasbsk]

Any updates on this at all? Would be a great addition.

[zomgbre]

PLEASE can we have this!

Also having an issue setting pull request limit with dependabot and this on top of it is incredibly frustrating. :)

[apagano-vue]

Since it seems this is not something that Github is willing to implement here's our workaround if it helps someone: 

1. disable github slack bot
2. create new Slack app in your workspace
3. create incoming webhook targeting your channel(s) of interest for your new Slack app
4. in Github, save webhook url in a repo secret SLACK_WEBHOOK_URL
5. create custom action workflow to trigger Slack notification. For example for [opened, reopened, closed] PR events: 

name: slack notifications

on:
  pull_request:
    types: [opened, reopened, closed]

jobs:
  opened:
    name: opened PRs
    # only notify when a PR is opened or reopened and it wasn't created by dependabot
    if: ${{ (github.event.action == 'opened' || github.event.action == 'reopened') && github.event.pull_request.user.login != 'dependabot[bot]' }}
    runs-on: ubuntu-latest
    steps:
      - name: Send custom JSON data to Slack workflow
        id: slack
        uses: slackapi/[email protected]
        with:
          payload: |
            {
              "blocks": [
                {
                  "type": "header",
                  "text": {
                      "type": "plain_text",
                      "text": "New PR opened :rocket:",
                      "emoji": true
                  }
                },
                {
                  "type": "section",
                  "fields": [
                    {
                      "type": "mrkdwn",
                      "text": "Opened by:\n${{ github.event.pull_request.user.login }}"
                    },
                    {
                      "type": "mrkdwn",
                      "text": " Opened at:\n${{ github.event.pull_request.created_at }}"
                    }
                  ]
                },
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "<${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>"
                  }
                }
              ]
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
  closed:
    name: closed PRs
    # only notify when a PR is closed and it wasn't created by dependabot
    if: ${{ github.event.action == 'closed' && github.event.pull_request.user.login != 'dependabot[bot]' }}
    runs-on: ubuntu-latest
    steps:
      - name: Send custom JSON data to Slack workflow
        id: slack
        uses: slackapi/[email protected]
        with:
          payload: |
            {
              "blocks": [
                {
                  "type": "header",
                  "text": {
                      "type": "plain_text",
                      "text": "PR closed :white_check_mark:",
                      "emoji": true
                  }
                },
                {
                  "type": "section",
                  "fields": [
                    {
                      "type": "mrkdwn",
                      "text": "Closed by:\n${{ github.actor }}"
                    },
                    {
                      "type": "mrkdwn",
                      "text": " Closed at:\n${{ github.event.pull_request.closed_at }}"
                    }
                  ]
                },
              {
                "type": "section",
                "text": {
                  "type": "mrkdwn",
                  "text": "<${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>"
                }
              }
              ]
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

The important filter to exclude any PRs generated by dependabot is if: ${{ github.event.pull_request.user.login != 'dependabot[bot]' }}

[niklasHagner]

@apagano-vue: Thanks a bunch! :star:

Tried it out and works most of the time.

But the github action will fail with json_error for PR-titles that contain double quotes. ${{ github.event.pull_request.title }} needs some string escaping

Because "text": "<${{ github.event.pull_request.html_url }}|${{ github.event.pull_request.title }}>" is output as JSON with too many quotes "text:": "<$github.com/some-repo/my-fancy-feature|My "fancy" feature>" and that results in invalid json

[ElijahLynn]

/github help in Slack says:

Label filters for issues, pull requests Filter incoming events based on the user provided list of labels. /github subscribe owner/repo +label:"my label" /github unsubscribe owner/repo +label:"my label"

[zomgbre]

Nice, well that's new! Thanks for the heads up.

Just kidding, @ElijahLynn I tried your solution. Doesn't work. :(

[sgarner]

Nice, well that's new! Thanks for the heads up.

Nothing has changed? There has always been the ability to filter in events by whitelisting particular labels. But that's not very useful. What this issue is asking for is the inverse ability to filter out events by blacklisting particular unwanted labels.

[pond]

@sgarner Yes, that's right. Something like -label:"..." instead of +label:"...".

[niklasHagner]

To add to the GithubAction-solution from @apagano-vue

I found a solution to my previous comment

But the github action will fail with json_error for PR-titles that contain double quotes. ${{ github.event.pull_request.title }} needs some string escaping

I found that storing values as env vars results in string escaping.

So here's my variant which consistently uses env vars. (Plus some different formatting: one row with the PR info and a second row with username+avatar)

on:
  pull_request:
    types: [opened, reopened, closed]

jobs:
  opened:
    name: opened PRs
    # only notify when a PR is opened or reopened by someone else than dependabot
    if: ${{ (github.event.action == 'opened' || github.event.action == 'reopened') && github.event.pull_request.user.login != 'dependabot[bot]' }}
    runs-on: ubuntu-latest
    steps:
      - name: Send custom JSON data to Slack workflow
        id: slack
        uses: slackapi/[email protected]
        env:
          PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
          PULL_REQUEST_TITLE: ${{ github.event.pull_request.title }}
          PULL_REQUEST_AUTHOR_NAME: ${{ github.event.pull_request.user.login }}
          PULL_REQUEST_AUTHOR_ICON_URL: ${{ github.event.pull_request.user.avatar_url }}
          PULL_REQUEST_URL: ${{ github.event.pull_request.html_url }}
          PULL_REQUEST_ACTOR: ${{ github.actor }}
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
        with:
          payload: |
            {
              "blocks": [
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": ":mailbox: Opened PR <${{ env.PULL_REQUEST_URL }}|${{ env.PULL_REQUEST_NUMBER }} ${{ env.PULL_REQUEST_TITLE }}>"
                  }
                },
                {
                  "type": "context",
                  "elements": [
                    {
                      "type": "plain_text",
                      "text": "Author: ${{ env.PULL_REQUEST_AUTHOR_NAME }}"
                    },
                    {
                      "type": "image",
                      "image_url": "${{ env.PULL_REQUEST_AUTHOR_ICON_URL }}",
                      "alt_text": "github avatar"
                    }
                  ]
                }
              ]
            }

  merged:
    name: merged PR
    # only notify when a PR is merged by someone else than dependabot
    if: ${{ github.event.pull_request.merged == true && github.event.pull_request.user.login != 'dependabot[bot]' }}
    runs-on: ubuntu-latest
    steps:
      - name: Send custom JSON data to Slack workflow
        id: slack
        uses: slackapi/[email protected]
        env:
          PULL_REQUEST_NUMBER : ${{ github.event.pull_request.number }}
          PULL_REQUEST_TITLE : ${{ github.event.pull_request.title }}
          PULL_REQUEST_AUTHOR_NAME : ${{ github.event.pull_request.user.login }}
          PULL_REQUEST_AUTHOR_ICON_URL : ${{ github.event.pull_request.user.avatar_url }}
          PULL_REQUEST_URL : ${{ github.event.pull_request.html_url }}
          PULL_REQUEST_ACTOR : ${{ github.actor }}
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
        with:
          payload: |
            {
              "blocks": [
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": ":merged: Merged PR <${{ env.PULL_REQUEST_URL }}|${{ env.PULL_REQUEST_NUMBER }} ${{ env.PULL_REQUEST_TITLE }}>"
                  }
                },
                {
                  "type": "context",
                  "elements": [
                    {
                      "type": "plain_text",
                      "text": "Author: ${{ env.PULL_REQUEST_AUTHOR_NAME }}"
                    },
                    {
                      "type": "image",
                      "image_url": "${{ env.PULL_REQUEST_AUTHOR_ICON_URL }}",
                      "alt_text": "github avatar"
                    }
                  ]
                }
              ]
            }

Result:

This can handle doublequotes in PR titles

(However it's not perfect, it cannot handle < or > since those are special key characters in this format)

[zomgbre]

Nice, well that's new! Thanks for the heads up.

Nothing has changed? There has always been the ability to filter in events by whitelisting particular labels. But that's not very useful. What this issue is asking for is the inverse ability to filter out events by blacklisting particular unwanted labels.

I was assuming the previous poster in the thread, @ElijahLynn, was sharing that that you could unsubscribe from dependabot PRs by doing the following:

/github unsubscribe owner/repo +label:"dependencies"

I just had time to try it and it doesn't work. Carry on lol.

Dear Github, We've been asking for this feature for a long time please send help. :) Thanks, Your consumers

[karlbecker]

Hi GitHub, any chance we could do this now? Our GitHub integration is extremely noisy due to our Dependabot PRs, and a change like the one @zomgbre outlines above...

/github subscribe owner/repo -label:"dependencies"

...would solve this for the hundreds of people who have emoji responded here.

Pretty please?

[nerdalert]

Shakes fist at the sky.. bump, 👋 GitHub. We're all drowning in dependabot messages for enough years meow, have mercy.

[pond]

@nerdalert Late-stage enshittification - more bloat, more features we don't really want (and all are buggy), inevitable infestation of AI, but the basic quality-of-life stuff just gets ignored while the ostensibly unchanged base starts to rot with more and more bugs creeping in over time.

Keep your eye out for the incoming 20%+ price rise and/or shuffling of tiers to force you to pay more.

Lord knows, I hope I'm wrong - as long as you can self-host GitLab there's viable competition for anyone to jump ship quite easily, and MS must know it.