-
Notifications
You must be signed in to change notification settings - Fork 6
Add labeler-dependabot.yml to auto-label Dependabot PRs by update type #81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Changes from all commits
efc0ecb
6b5ef2e
f71a111
90f9e3e
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,66 @@ | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| name: Labeler - Dependabot | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| on: | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| pull_request: | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| permissions: | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| contents: read | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| pull-requests: write | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| pull-requests: write | |
| pull-requests: write | |
| issues: write |
Copilot
AI
Mar 24, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The job filter uses github.actor == 'dependabot[bot]'. That ties execution to who triggered the event, not who authored the PR, so Dependabot PRs may not get labeled on event types initiated by humans (e.g., edited) or when re-running the workflow. Prefer checking github.event.pull_request.user.login == 'dependabot[bot]' (and/or the PR author association) to ensure it always targets Dependabot PRs.
| github.actor == 'dependabot[bot]' && | |
| github.event.pull_request.user.login == 'dependabot[bot]' && |
Copilot
AI
Mar 24, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
issues.createLabel is missing required fields (notably color). As written, label creation will fail when the labels don’t already exist. Provide a color (and optionally description) when creating the labels.
Copilot
AI
Mar 24, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
listLabelsForRepo is limited to per_page: 100 with no pagination. If the repo has >100 labels, an existing label may not be found, leading to a failing createLabel call. Consider using issues.getLabel per label, paginate, or catch/ignore the “already exists” error (422).
| const existing = await github.rest.issues.listLabelsForRepo({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| per_page: 100 | |
| }); | |
| const existingNames = existing.data.map(l => l.name); | |
| for (const label of labels) { | |
| if (!existingNames.includes(label)) { | |
| await github.rest.issues.createLabel({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| name: label | |
| }); | |
| core.info(`Created label: ${label}`); | |
| // Fetch all labels with pagination to avoid the 100-label per-page limit. | |
| const existingLabels = await github.paginate( | |
| github.rest.issues.listLabelsForRepo, | |
| { | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| per_page: 100 | |
| } | |
| ); | |
| const existingNames = existingLabels.map(l => l.name); | |
| for (const label of labels) { | |
| if (!existingNames.includes(label)) { | |
| try { | |
| await github.rest.issues.createLabel({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| name: label | |
| }); | |
| core.info(`Created label: ${label}`); | |
| } catch (error) { | |
| // Ignore "already exists" errors (HTTP 422), rethrow others. | |
| if (error.status === 422) { | |
| core.info(`Label already exists, skipping creation: ${label}`); | |
| } else { | |
| throw error; | |
| } | |
| } |
Copilot
AI
Mar 24, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When ENSURE_LABELS_EXIST is set to 'false' and the labels don’t exist, issues.addLabels will fail with a generic API error. Consider handling that case explicitly (e.g., check label existence before labeling or catch the error and emit a clear message explaining how to create the missing labels).
| core.info(`PR #${context.payload.pull_request.number} is ${isSecurityUpdate ? '' : 'not '}a security update — adding label: ${label}`); | |
| await github.rest.issues.addLabels({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.payload.pull_request.number, | |
| labels: [label] | |
| }); | |
| const prNumber = context.payload.pull_request.number; | |
| core.info(`PR #${prNumber} is ${isSecurityUpdate ? '' : 'not '}a security update — adding label: ${label}`); | |
| try { | |
| await github.rest.issues.addLabels({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: prNumber, | |
| labels: [label] | |
| }); | |
| } catch (error) { | |
| const ensureLabels = process.env.ENSURE_LABELS_EXIST; | |
| const hint = ensureLabels === 'false' | |
| ? "The label may not exist because ENSURE_LABELS_EXIST is set to 'false'. Create the label in the repository's Labels settings, or set ENSURE_LABELS_EXIST to 'true' so this workflow can create it automatically." | |
| : "Ensure the label exists in the repository's Labels settings, or set ENSURE_LABELS_EXIST to 'true' so this workflow can create it automatically."; | |
| core.setFailed(`Failed to add label '${label}' to PR #${prNumber}. ${hint} Original error: ${error.message}`); | |
| } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PR description states the workflow (a) runs on
pull_request“all event types” and (b) follows the documenteddependabot/fetch-metadatapattern, but the workflow currently uses defaultpull_requestevent types and doesn’t calldependabot/fetch-metadata. Either update the workflow to match (e.g., specifytypes:and/or addfetch-metadata) or adjust the PR description to reflect the implemented approach.