From 0cc7393e59a4cfd78b78593e36f261f137881fa5 Mon Sep 17 00:00:00 2001 From: Jonathan Kingston Date: Mon, 8 Dec 2025 11:20:00 +0000 Subject: [PATCH 1/5] Add dependency checker comment --- .github/workflows/dependabot-auto-merge.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 97a6701d3b..332f83f8cb 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -30,3 +30,14 @@ jobs: env: PR_URL: ${{ github.event.pull_request.html_url }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Request Cursor review + run: | + gh pr comment "$PR_URL" --body "@cursoragent can you review against the current code and outline potential impacts based on the changelogs of the update? + + Can you think through if this dependency is still needed or if there's better practices used elsewhere. + + Can you draft a separate PR with any fixes that might be needed?" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 48373c0ae4c7ddfd7a0a9b02132f331122fc0f7a Mon Sep 17 00:00:00 2001 From: Jonathan Kingston Date: Mon, 8 Dec 2025 11:47:54 +0000 Subject: [PATCH 2/5] Add comment when dependabot gets stale to recreate --- .../dependabot-conflict-detector.yml | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/workflows/dependabot-conflict-detector.yml diff --git a/.github/workflows/dependabot-conflict-detector.yml b/.github/workflows/dependabot-conflict-detector.yml new file mode 100644 index 0000000000..4682af2802 --- /dev/null +++ b/.github/workflows/dependabot-conflict-detector.yml @@ -0,0 +1,44 @@ +name: Dependabot conflict detector + +on: + push: + branches: [main] + +permissions: + pull-requests: write + +jobs: + check-conflicts: + runs-on: ubuntu-latest + steps: + - name: Check Dependabot PRs for conflicts + uses: actions/github-script@v7 + with: + script: | + const { data: pulls } = await github.rest.pulls.list({ + owner: context.repo.owner, + repo: context.repo.repo, + state: 'open', + }); + + const dependabotPRs = pulls.filter(pr => pr.user.login === 'dependabot[bot]'); + + for (const pr of dependabotPRs) { + // Fetch full PR to get accurate mergeable status + const { data: fullPR } = await github.rest.pulls.get({ + owner: context.repo.owner, + repo: context.repo.repo, + pull_number: pr.number, + }); + + if (fullPR.mergeable === false) { + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: pr.number, + body: '@dependabot recreate', + }); + console.log(`Requested recreate for PR #${pr.number}`); + } + } + From a4ea6ac457c9135185ae9ce98903151879af1131 Mon Sep 17 00:00:00 2001 From: Jonathan Kingston Date: Mon, 8 Dec 2025 12:31:34 +0000 Subject: [PATCH 3/5] Add opened check to prevent multiple comments --- .github/workflows/dependabot-auto-merge.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 332f83f8cb..5add725fdd 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -32,6 +32,7 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Request Cursor review + if: github.event.action == 'opened' run: | gh pr comment "$PR_URL" --body "@cursoragent can you review against the current code and outline potential impacts based on the changelogs of the update? From 4ed6465f4f8560a53d3295504728218d313938f2 Mon Sep 17 00:00:00 2001 From: Jonathan Kingston Date: Mon, 8 Dec 2025 12:48:08 +0000 Subject: [PATCH 4/5] Lint fix --- .../dependabot-conflict-detector.yml | 67 +++++++++---------- 1 file changed, 33 insertions(+), 34 deletions(-) diff --git a/.github/workflows/dependabot-conflict-detector.yml b/.github/workflows/dependabot-conflict-detector.yml index 4682af2802..d576ee6970 100644 --- a/.github/workflows/dependabot-conflict-detector.yml +++ b/.github/workflows/dependabot-conflict-detector.yml @@ -1,44 +1,43 @@ name: Dependabot conflict detector on: - push: - branches: [main] + push: + branches: [main] permissions: - pull-requests: write + pull-requests: write jobs: - check-conflicts: - runs-on: ubuntu-latest - steps: - - name: Check Dependabot PRs for conflicts - uses: actions/github-script@v7 - with: - script: | - const { data: pulls } = await github.rest.pulls.list({ - owner: context.repo.owner, - repo: context.repo.repo, - state: 'open', - }); + check-conflicts: + runs-on: ubuntu-latest + steps: + - name: Check Dependabot PRs for conflicts + uses: actions/github-script@v7 + with: + script: | + const { data: pulls } = await github.rest.pulls.list({ + owner: context.repo.owner, + repo: context.repo.repo, + state: 'open', + }); - const dependabotPRs = pulls.filter(pr => pr.user.login === 'dependabot[bot]'); + const dependabotPRs = pulls.filter(pr => pr.user.login === 'dependabot[bot]'); - for (const pr of dependabotPRs) { - // Fetch full PR to get accurate mergeable status - const { data: fullPR } = await github.rest.pulls.get({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: pr.number, - }); - - if (fullPR.mergeable === false) { - await github.rest.issues.createComment({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: pr.number, - body: '@dependabot recreate', - }); - console.log(`Requested recreate for PR #${pr.number}`); - } - } + for (const pr of dependabotPRs) { + // Fetch full PR to get accurate mergeable status + const { data: fullPR } = await github.rest.pulls.get({ + owner: context.repo.owner, + repo: context.repo.repo, + pull_number: pr.number, + }); + if (fullPR.mergeable === false) { + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: pr.number, + body: '@dependabot recreate', + }); + console.log(`Requested recreate for PR #${pr.number}`); + } + } From 60b772892140e7cea0b1fe71a6e31f2798b08579 Mon Sep 17 00:00:00 2001 From: Jonathan Kingston Date: Mon, 8 Dec 2025 13:46:57 +0000 Subject: [PATCH 5/5] Add a comment about coverage --- .github/workflows/dependabot-auto-merge.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index 5add725fdd..3b255599ef 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -36,6 +36,7 @@ jobs: run: | gh pr comment "$PR_URL" --body "@cursoragent can you review against the current code and outline potential impacts based on the changelogs of the update? + Can you check the test coverage and ensure that the new code is covered? Can you think through if this dependency is still needed or if there's better practices used elsewhere. Can you draft a separate PR with any fixes that might be needed?"