Remove Dependabot PRs from release notes?

intuit / auto

Generate releases based on semantic version labels on pull requests.

https://intuit.github.io/auto/

MIT License

2.25k stars 202 forks source link

Remove Dependabot PRs from release notes? #2031

Open mattfelten opened 3 years ago

mattfelten commented 3 years ago

Dependabot recently started barraging my project with PRs, and while useful, it's making release notes quite noisy. I can't seem to figure out how to remove dependabot PRs though.

{
    "plugins": [
        [
            "npm",
            {
                "monorepoChangelog": false
            }
        ],
        [
            "omit-release-notes",
            {
                "username": "dependabot[bot]"
            }
        ],
        "first-time-contributor",
        "released"
    ],
    …
}

Using omit-release-notes seems like it should work but it doesn't. Is there something I'm missing about how this works?

hasparus commented 3 years ago

I had the same problem. I ended up entirely omitting dependabot's commits with omit-commits plugin.

const omitCommitsOptions: IOmitCommitsPluginOptions = {
  subject: [
    'Merge branch',
    'chore:',
    'chore(',
    'ci(',
    'ci:',
    'test:',
    'test(',
    'fix(ci):',
  ],
} 

export default function config(): AutoRc {
  return {
    baseBranch: 'stable',
    prereleaseBranches: ['develop'],
    plugins: [
      ['npm', npmOptions],
      ['conventional-commits', conventionalCommitsOptions],
      'first-time-contributor',
      'released',
      ['all-contributors', allContributorsOptions],
      ['omit-commits', omitCommitsOptions],
    ],
  }
}

hydrosquall commented 3 years ago

Thanks for sharing this example @hasparus - on the topic of muting Dependabot, we're also avoiding building canary commits for Dependabot's PRs using github actions syntax to avoid running shipit on branches that matches its naming pattern. Not sure if there's a way to ignore it from within Auto's config directly.

https://github.com/vega/ts-json-schema-generator/pull/856#issuecomment-882912325

mattfelten commented 3 years ago

I do see there's the bot-list package that does include dependabot among others, but I'm not sure how that should be used.

hipstersmoothie commented 3 years ago

@mattfelten could you post a log with -vv here? once I know the username we can add it to the botlist. maybe the botlist should support regexes?