At Hrvey we use Dependabot to make sure all our middleware is always up to date. It’s a great service, but it comes with the downside of being somewhat “noisy” because it creates a separate pull request for each dependency that has an update available:
Testing that each of these updates don’t break anything takes time (we need to do so manually with all of the ones that communicate with external sites, since those are mocked during our automated testing). What’s worse, after each of these are merged, we need to wait for the full CI suite to run again for each of the remaining PRs after Dependabot has rebased them.
What if there was a way to combine/group all of these dependabot PRs together? Unfortunately dependabot itself doesn’t have such an option, and even though this is a highly requested feature, the developers seems to be busy with other things.
Luckily, GitHub has something called Workflows that allows you to automate almost anything that can be done on GitHub. So we decided to take matters into our own hands, and have created a Github Workflow that automatically creates a new PR with a branch that has merged all Dependabot PR branches together. This gives you an easy way to test all of the updates together and merge them in one go.
Dependabot is even clever enough to close all the now-redundant PRs after you merge the combined branch.
The workflow is open source and available in this GitHub repo