gravitational · rosstimothy · Jan 5, 2023 · Dec 30, 2022 · Jan 4, 2023 · Jan 4, 2023
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -4,6 +4,8 @@ updates:
     directory: "/"
     schedule:
       interval: weekly
+      day: "sunday"
+      time: "09:00" # 9am UTC
     ignore:
       # Deprecated APIs, requires manual changes.
       # TODO(xacrimon): Update Firestore and solve deprecations.
@@ -43,6 +45,8 @@ updates:
     directory: "/api"
     schedule:
       interval: weekly
+      day: "sunday"
+      time: "09:00" # 9am UTC
     ignore:
       # TODO(codingllama): Allow /x/crypto updates after upstream patch.
       - dependency-name: golang.org/x/crypto
@@ -58,6 +62,8 @@ updates:
     directory: "/"
     schedule:
       interval: weekly
+      day: "sunday"
+      time: "09:00" # 9am UTC
     open-pull-requests-limit: 10
     reviewers:
       - codingllama
@@ -68,6 +74,8 @@ updates:
     directory: "/lib/srv/desktop/rdp/rdpclient"
     schedule:
       interval: weekly
+      day: "sunday"
+      time: "09:00" # 9am UTC
     open-pull-requests-limit: 10
     reviewers:
       - codingllama

@@ -30,7 +30,7 @@ permissions:
 jobs:
   auto-request-review:
     name: Auto Request Review
-    if: ${{ !github.event.pull_request.draft }}
+    if: ${{ !github.event.pull_request.draft && !startsWith(github.head_ref, 'dependabot/') }}
     runs-on: ubuntu-latest
     steps:
       # Checkout main branch of shared-workflow repository.

@@ -29,6 +29,7 @@ on:
 jobs:
   build:
     name: Build on Mac OS
+    if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
     runs-on: macos-12 # TODO(r0mant): Update with large runner when it's available
 
     permissions:

@@ -27,6 +27,7 @@ on:
 jobs:
   build:
     name: Build on Windows
+    if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
     runs-on: windows-2022-16core
 
     permissions:

@@ -32,7 +32,7 @@ permissions:
 jobs:
   check-reviews:
     name: Checking reviewers
-    if: ${{ !github.event.pull_request.draft }}
+    if: ${{ !github.event.pull_request.draft && !startsWith(github.head_ref, 'dependabot/') }}
     runs-on: ubuntu-latest
     steps:
       # Checkout main branch of shared-workflow repository.

@@ -18,6 +18,7 @@ on:
 
 jobs:
   fuzzing:
+    if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
     name: Fuzzing
     runs-on: ubuntu-22.04-32core
     permissions:

@@ -17,6 +17,7 @@ on:
 jobs:
   analyze:
     name: Analyze
+    if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
     runs-on: ubuntu-22.04-32core
     permissions:
       actions: read

@@ -0,0 +1,27 @@
+# This workflow combines all open Dependabot PRs into a single batched
+# PR, links all the Dependabot PRs to the new one, and closes all the
+# Dependabot PRs. The schedule is set to exactly 12 hours after the
+# Dependabot schedule.
+#
+# All workflows that run on PR should be skipped for Dependabot PRs
+# to prevent wasting CI cycles.
+name: 'Dependabot Batcher'
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 21 * * 0' # At 9:00 PM every Sunday UTC
+
+permissions:
+    pull-requests: write
+    contents: write
+
+jobs:
+  dependabot-batcher:
+    name: 'Combine Dependabot PRs'
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Dependabot Batcher'
+        uses: Legal-and-General/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }} #required
+          baseBranchName: 'master'
@@ -5,6 +5,7 @@ on:
 
 jobs:
   dependency-review:
+    if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
     uses: gravitational/shared-workflows/.github/workflows/dependency-review.yaml@main
     permissions:
       contents: read
@@ -10,6 +10,7 @@ on:
 jobs:
   doc-tests:
     name: Lint (Docs)
+    if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
     runs-on: ubuntu-latest
 
     permissions:

@@ -23,6 +23,7 @@ on:
 jobs:
   test:
     name: Integration Tests (Non-root)
+    if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
     runs-on: ubuntu-22.04-16core
 
     permissions:

@@ -23,6 +23,7 @@ on:
 jobs:
   test:
     name: Integration Tests (Root)
+    if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
     runs-on: ubuntu-22.04-16core
 
     permissions:

@@ -30,7 +30,7 @@ permissions:
 jobs:
   auto-label-pr:
     name: Label Pull Request
-    if: ${{ !github.event.pull_request.draft }}
+    if: ${{ !github.event.pull_request.draft && !startsWith(github.head_ref, 'dependabot/') }}
     runs-on: ubuntu-latest
     steps:
       # Checkout main branch of shared-workflow repository.

@@ -9,6 +9,7 @@ on:
 
 jobs:
   lint:
+    if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
     name: Lint (Go)
     runs-on: ubuntu-22.04-16core
 

@@ -10,6 +10,7 @@ on:
 jobs:
   build:
     name: OS Compatibility Build
+    if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
     runs-on: ubuntu-22.04-16core
 
     permissions:

@@ -23,6 +23,7 @@ on:
 jobs:
   test:
     name: Unit Tests (Go)
+    if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
     runs-on: ubuntu-22.04-32core
 
     permissions:

@@ -27,6 +27,7 @@ on:
 jobs:
   test:
     name: Unit Tests (Operator)
+    if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
     runs-on: ubuntu-22.04-16core
 
     permissions:

@@ -23,6 +23,7 @@ on:
 jobs:
   test:
     name: Unit Tests (Rust)
+    if: ${{ !startsWith(github.head_ref, 'dependabot/') }}
     runs-on: ubuntu-latest
 
     permissions: