Ask Your Question
3

How can Dependabot pull requests be ignored or excluded in GitHub Actions?

asked 2021-07-02 11:00:00 +0000

lakamha gravatar image

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-08-03 19:00:00 +0000

david gravatar image

There are a few ways to exclude Dependabot pull requests from GitHub Actions:

  1. Using the if condition in the workflow file: You can use the if condition to only run the workflow if the pull request is not generated by the Dependabot. For example:

    on:
 pull_request:
   branches: [main]
jobs:
 build:
   if: "!contains(github.actor, '[bot]')"
   runs-on: ubuntu-latest
   steps:
     - name: Checkout
       uses: actions/checkout@v2
     - name: Build
       run: ./build.sh

    In this example, the if: "!contains(github.actor, '[bot]')" line checks if the username of the actor (who triggered the workflow) doesn't contain [bot]. This will skip the workflow if Dependabot created the pull request.

  2. Using the jobs.<job_id>.if condition: You can also use the jobs.<job_id>.if condition to run specific jobs only if the pull request is not generated by the Dependabot. For example:

    on:
 pull_request:
   branches: [main]
jobs:
 build:
   runs-on: ubuntu-latest
   steps:
     - name: Checkout
       uses: actions/checkout@v2
     - name: Build
       run: ./build.sh
 test:
   if: "!contains(github.actor, '[bot]')"
   runs-on: ubuntu-latest
   steps:
     - name: Checkout
       uses: actions/checkout@v2
     - name: Test
       run: ./test.sh

    In this example, the test job will only run if the actor is not a bot (i.e. Dependabot).

  3. Using the pull_request_target event: Another option is to use the pull_request_target event, which is triggered when a pull request is targeted at a specific branch (e.g. main). This event includes a pull_request object for the target branch, which you can use to filter out the Dependabot pull requests. For example:

    on:
 pull_request_target:
   branches: [main]
jobs:
 build:
   runs-on: ubuntu-latest
   steps:
     - name: Checkout
       uses: actions/checkout@v2
     - name: Build
       run: ./build.sh
     - name: Test
       if: ${{ github.event.pull_request.user.login != 'dependabot[bot]' }}
       run: ./test.sh

    In this example, the Test step will only run if the pull_request.user.login is not dependabot[bot].

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss

Add Answer


Question Tools

subscribe to rss feed

Stats

Asked: 2021-07-02 11:00:00 +0000

Seen: 18 times

Last updated: Aug 03 '21

Related questions

What is the process for immediately checking out the latest commit of a branch that has been updated by a git pull?

Is it possible to retrieve 'official' images from Docker Hub using Podman pull?

How can the local branch be updated without using git pull?

I am receiving an error message on GitHub while attempting to push or pull, prompting me to use a personal access token instead. Can you explain what this means?

Is it possible to make "ff-only" the default setting for "git pull" but not for "git merge"?

Copyright QStack.ai, 2010-2023. Content on this site is licensed under the Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service | contact