Telling Depfu what to do with bot commands
There are two main ways you can interact with Depfu: clicking around in the UI and by commenting on the Depfu pull requests.
The UI is for getting an overview and configuring Depfu. The bot commands via comments are for day-to-day interactions, mainly working with a single version upgrade.
Here is the list of things you can tell Depfu to do:
Depfu auto-detects merge conflicts on open PRs and auto-resolves them one by one in the background. It does not keep the PR up-to-date with your master branch. So if you want to have the same update applied on top of your current master branch or you need Depfu to resolve a conflict right now, "@depfu rebase" will immediately redo the update and force-push the changes to the same branch.
Depfu currently ignores this command if you have added your own commits to the branch, as we don't want to throw away your code changes.
If you ever worked with several open Depfu pull requests at the same time, you might know they can easily step on each other’s toes, resulting in merge conflicts. Or the case where you have an open PR with the build still running and you know if the tests pass you’d like to merge it. Instead of leaving multiple tabs open in your browser, waiting for the CI results and then forgetting all about it, you can now tell Depfu: “Please merge this if everything is fine”.
@depfu merge will merge the PR as soon as there are no conflicts and your tests are successful. That means it will also trigger a rebase if it sees a merge conflict or if you have branch protection enabled and require branches to be up-to-date before merging. It’ll wait for the resulting build to run and if it’s successful, will do the merge.
You can easily reopen a pull request from the GitHub UI by restoring the branch and clicking “Reopen”, but this command will do it for you. It’s mostly there for symmetry :)
Sometimes you’ll just want to ignore certain dependencies. Either you know it won’t work with your app ever, it’s not worth the effort because you’ll refactor this area anyway or you want to do it later. If you just close the PR, Depfu will send you new ones for future versions and annoy you (sorry about that).
@depfu pause will mark the dependency that the PR is about (the one in the PR title) as paused and you won’t get PRs for new releases until you resume the dependency. It’ll also close the PR since we know you don’t want to be bothered with it right now. You can resume updates in the UI or via
@depfu resume on any closed PR about the same dependency.
@depfu pause minor|major
This is a variation of the pause command. Instead of pausing updates forever, you just want to ignore all releases of this major or minor release line. So if a version 4.0.0 comes in and you comment with
@depfu pause major, Depfu will ignore all releases in the 4.x.x range. It would still send you releases for 3.x.x and it will also send you a PR if 5.0.0 gets released. You can think of it as “Let’s not handle this now, but also please remind me again at some point”
Of course you can also handle pausing by adding version constraints to your Gemfile or package.json. But if you have Depfu configured to send you PRs for out-of-spec updates, we would send you updates anyway, so the pause commands are especially useful in this scenario.
What was it called again?
In case you forget what the commands are called and how they work, we’ve included all of them in this foldout in all our PRs.