From b12137eaadc4d80c9fe98d53f9281a066e1dda7b Mon Sep 17 00:00:00 2001 From: Michael Hucka Date: Sat, 12 Apr 2025 12:11:31 -0700 Subject: [PATCH 1/3] Remove original dependabot-pr-trimmer.yaml --- .github/workflows/dependabot-pr-trimmer.yaml | 63 -------------------- 1 file changed, 63 deletions(-) delete mode 100644 .github/workflows/dependabot-pr-trimmer.yaml diff --git a/.github/workflows/dependabot-pr-trimmer.yaml b/.github/workflows/dependabot-pr-trimmer.yaml deleted file mode 100644 index 83184ad11..000000000 --- a/.github/workflows/dependabot-pr-trimmer.yaml +++ /dev/null @@ -1,63 +0,0 @@ -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# Trim parts of the Dependabot PR text that are unnecessary in the git history. -# -# The trimming needs to be performed before the PR is merged so that the commit -# message is based on the trimmed version. This prevents us from using events -# such as the PR getting closed or merged. Triggering on merge queue events is -# also problematic, because a merge_queue event doesn't have the equivalent of -# "pull_request.user" and we need that to test if the PR came from Dependabot. -# So instead, this workflow triggers when auto-merge is enabled for the PR. -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -name: Dependabot PR trimmer -run-name: Filter message body of PR ${{github.event.pull_request.number}} - -on: - pull_request: - types: - - auto_merge_enabled - - workflow_dispatch: - inputs: - pr-number: - description: 'The PR number of the PR to edit:' - type: string - required: true - -# Declare default permissions as read only. -permissions: read-all - -jobs: - filter-message: - name: Filter PR message body - runs-on: ubuntu-24.04 - timeout-minutes: 5 - permissions: - contents: read - pull-requests: write - issues: write - steps: - - if: >- - github.event.pull_request.user.login == 'dependabot[bot]' || - github.event_name == 'workflow_dispatch' - env: - GH_TOKEN: ${{github.token}} - pr-number: ${{inputs.pr-number || github.event.pull_request.number}} - run: | - gh pr view ${{env.pr-number}} -R ${{github.repository}} --json body -q .body |\ - sed '/(dependabot-automerge-end)/,/<\/details>/d' |\ - gh pr edit ${{env.pr-number}} -R ${{github.repository}} --body-file - From 15c5d3e39d70da2b4b8779e84b2ed17d9eb4f4eb Mon Sep 17 00:00:00 2001 From: Michael Hucka Date: Sat, 12 Apr 2025 12:12:16 -0700 Subject: [PATCH 2/3] Add revised and improved Dependabot commit cleaner This does a better job of formatting the commit message. --- .github/workflows/dependabot-pr-cleaner.yaml | 73 ++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 .github/workflows/dependabot-pr-cleaner.yaml diff --git a/.github/workflows/dependabot-pr-cleaner.yaml b/.github/workflows/dependabot-pr-cleaner.yaml new file mode 100644 index 000000000..3a36d8573 --- /dev/null +++ b/.github/workflows/dependabot-pr-cleaner.yaml @@ -0,0 +1,73 @@ +# Copyright 2025 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# Clean up Dependabot PR text so that the git merge commits are more readable. +# +# This removes HTML markup and some content that Dependabot always includes in +# PR message bodies. The editing doesn't need to be done unless the PR will be +# merged, but it does need to be done *before* the merge so the final commit +# message is based on the edited version. We can't use the GitHub events for PRs +# getting merged or closed (because that's too late). Triggering on merge queue +# events is also problematic because those events don't have the equivalent of +# "pull_request.user", which we need for testing if the PR came from Dependabot. +# So instead, this workflow triggers when auto-merge is enabled for a PR. +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +name: Dependabot PR trimmer +run-name: Filter message body of PR ${{github.event.pull_request.number}} + +on: + pull_request: + types: + - auto_merge_enabled + + workflow_dispatch: + inputs: + pr-number: + description: 'The PR number of the PR to edit:' + type: string + required: true + +# Declare default permissions as read only. +permissions: read-all + +jobs: + filter-message: + name: Filter PR message body + # Use a macos runner because it has textutil. + runs-on: macos-14 + timeout-minutes: 5 + permissions: + contents: read + pull-requests: write + issues: write + steps: + - if: >- + github.event.pull_request.user.login == 'dependabot[bot]' || + github.event_name == 'workflow_dispatch' + env: + GH_TOKEN: ${{github.token}} + pr: ${{inputs.pr-number || github.event.pull_request.number}} + run: | + # "gh pr view" returns GFM Markdown containing inline HTML. The first + # two sed commands remove some needless content added by Dependabot + # before we pass it to textutil to convert the HTML; the final sed + # command converts textutil's bullet lists to Markdown syntax. + gh pr view ${{env.pr}} -R ${{github.repository}} --json body -q .body |\ + sed -e '/\[\!\[Dependabot compatibility$/,/^Signed-off-by:/ { /^Signed-off-by:/!d; }' \ + -e 's/
/

/g' |\ + textutil -stdin -format html -convert txt -stdout |\ + sed $'s/\t•\t/* /g' |\ + gh pr edit ${{env.pr}} -R ${{github.repository}} --body-file - From 4b6dfe18e8c6ea68e1d941219c5fe93b7fc63de5 Mon Sep 17 00:00:00 2001 From: Michael Hucka Date: Thu, 24 Apr 2025 11:40:13 -0700 Subject: [PATCH 3/3] Remove dependabot cleaner workflow It's not turning out useful nor is it handling all cases well. --- .github/workflows/dependabot-pr-cleaner.yaml | 73 -------------------- 1 file changed, 73 deletions(-) delete mode 100644 .github/workflows/dependabot-pr-cleaner.yaml diff --git a/.github/workflows/dependabot-pr-cleaner.yaml b/.github/workflows/dependabot-pr-cleaner.yaml deleted file mode 100644 index 3a36d8573..000000000 --- a/.github/workflows/dependabot-pr-cleaner.yaml +++ /dev/null @@ -1,73 +0,0 @@ -# Copyright 2025 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -# Clean up Dependabot PR text so that the git merge commits are more readable. -# -# This removes HTML markup and some content that Dependabot always includes in -# PR message bodies. The editing doesn't need to be done unless the PR will be -# merged, but it does need to be done *before* the merge so the final commit -# message is based on the edited version. We can't use the GitHub events for PRs -# getting merged or closed (because that's too late). Triggering on merge queue -# events is also problematic because those events don't have the equivalent of -# "pull_request.user", which we need for testing if the PR came from Dependabot. -# So instead, this workflow triggers when auto-merge is enabled for a PR. -# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -name: Dependabot PR trimmer -run-name: Filter message body of PR ${{github.event.pull_request.number}} - -on: - pull_request: - types: - - auto_merge_enabled - - workflow_dispatch: - inputs: - pr-number: - description: 'The PR number of the PR to edit:' - type: string - required: true - -# Declare default permissions as read only. -permissions: read-all - -jobs: - filter-message: - name: Filter PR message body - # Use a macos runner because it has textutil. - runs-on: macos-14 - timeout-minutes: 5 - permissions: - contents: read - pull-requests: write - issues: write - steps: - - if: >- - github.event.pull_request.user.login == 'dependabot[bot]' || - github.event_name == 'workflow_dispatch' - env: - GH_TOKEN: ${{github.token}} - pr: ${{inputs.pr-number || github.event.pull_request.number}} - run: | - # "gh pr view" returns GFM Markdown containing inline HTML. The first - # two sed commands remove some needless content added by Dependabot - # before we pass it to textutil to convert the HTML; the final sed - # command converts textutil's bullet lists to Markdown syntax. - gh pr view ${{env.pr}} -R ${{github.repository}} --json body -q .body |\ - sed -e '/\[\!\[Dependabot compatibility$/,/^Signed-off-by:/ { /^Signed-off-by:/!d; }' \ - -e 's/
/

/g' |\ - textutil -stdin -format html -convert txt -stdout |\ - sed $'s/\t•\t/* /g' |\ - gh pr edit ${{env.pr}} -R ${{github.repository}} --body-file -