This is a follow up to my post a few days ago pr-compliance-action. I had been excited to see how it would behave on a real project, and yesterday I got my wish!
The Open Sauced project is configured to have dependabot run on Thursdays, and my action contribution had gotten implemented last Friday. @bdougieyo has the Open Sauced discord setup to monitor the GitHub repo for comments and other events and yesterday we got the regular traffic from
dependabot, but for each PR that it opened,
pr-compliance-action jumped in with a comment of its own! This was because of two things - one was by design, and one was a bug in the design.
pr-compliance-action is checking for PRs opened that don't refer to an existing issue in the repo. Dependabot opens PRs that fit that description. Also by design,
pr-compliance-action is supposed to ignore
dependabot by default. The bug was in the workflow file for
ignore-authors input, using the wrong style of multiline YAML syntax. Easy fix, one character!
Steps to reproduce
Wait for Thursday
Wait for Dependabot to open a pull request
Dependabot gets greeted to join Discord
The other opportunity for improvement that became apparent was that
pr-compliance-action didn't discriminate whether a PR author was a repo owner or a team member. This was a little more involved a feature to implement than a single character change, but I enjoyed it. This was a matter of leveraging the GitHub's REST API to list out whether the user's orgs included the org that owns the repo in question.
Two release tags in one day - is that a reason to celebrate? Well I am :-)