Dependabot-core: Using `@dependabot recreate` doesn't do anything

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs within seven days. Thank you for your contributions.

Well, that's one way to deal with reported issues. I understand you're just a bot, but wouldn't it make sense if a human looked at it? ;-)

Having the same issue, dependabot temporarily changes the description to let me know that it's rebasing the PR but nothing about the PR is touched or changed, and I didn't request a rebase in the first place.

I had the same problem in https://github.com/xh3b4sd/logger/pull/10. After a couple of minutes I got impatient and moved on. Dependabot is pretty slow at times and I am not sure what it is doing and for how long I am supposed to wait for anything to happen. Note that in the linked PR no actions seem to have been run at all in the last commit so it might be related to Github Actions as well.

@mthmulders in your case it seems like the PR was created, but then we encountered an issue adding labels, previously Dependabot would "lose" those pull requests, and so the @dependabot rebase never reached us. That bug should since have been fixed so that shouldn't happen anymore. Apologies on the late response, we've since removed stalebot.

@amiralibazazi what you're describing sounds like Dependabot is rebasing those PRs because the main branch was changed, Dependabot will rebase PRs if one of the manifest files or lockfiles was changed (a Gemfile or package.json for example).

@xh3b4sd it seems like Dependabot did 👍 on your comment, you may have merged the PR before the rebase was able to complete? Also I noticed that you're running an action that commits back to the branch, normally dependabot will no longer be able to rebase those PRs, if you're OK with Dependabot force pushing over the commits, you may want to configure your action to commit with [dependabot skip] in the commit title, that way it'll know that it's an automated commit that it can force push over (assuming the action will run again).

Thanks for reaching out, @jurre.

@mthmulders in your case it seems like the PR was created, but then we encountered an issue adding labels, previously Dependabot would "lose" those pull requests, and so the @dependabot rebase never reached us. That bug should since have been fixed so that shouldn't happen anymore. Apologies on the late response, we've since removed stalebot.

I've sent a @dependabot recreate again (I kept the pull request open just for this one). Neither the one from Jan 22 nor the one from today is being followed-up with a 👍 as far as I can see. Did todays @dependabot recreate reach you this time?

I've sent a @dependabot recreate again (I kept the pull request open just for this one). Neither the one from Jan 22 nor the one from today is being followed-up with a 👍 as far as I can see. Did todays @dependabot recreate reach you this time?

Unfortunately we won't be able to re-register these old PRs, Dependabot simply doesn't know about them and we can't handle any comments on these PRs, what I meant to say is that it has been fixed for future PRs. However, I just spotted that you're on dependabot-preview (which is the pre-acquisition version of Dependabot) and the fix I described hasn't been implemented there. I'd suggest upgrading to the GH native version if possible, if you go to dependabot.com there should be a button that lets you transition easily.

However, I just spotted that you're on dependabot-preview (which is the pre-acquisition version of Dependabot) and the fix I described hasn't been implemented there. I'd suggest upgrading to the GH native version if possible, if you go to dependabot.com there should be a button that lets you transition easily.

Thanks for noticing, I didn't know I had to trigger migration manually.

@xh3b4sd it seems like Dependabot did 👍 on your comment, you may have merged the PR before the rebase was able to complete? Also I noticed that you're running an action that commits back to the branch, normally dependabot will no longer be able to rebase those PRs, if you're OK with Dependabot force pushing over the commits, you may want to configure your action to commit with [dependabot skip] in the commit title, that way it'll know that it's an automated commit that it can force push over (assuming the action will run again).

I never know when dependabot will still do something or not or how long it will take. Knowing that dependabot will not do anything after another commit is good, though why is it reacting then with thumbs up. The user feedback so far suggests that it will do something, but it did not do anything. Further I would not like to encode third party dependency semantics in commit messages. If everyone would do that it would become impossible to integrate systems properly. Regardless, getting back with your feedback is appreciated.

I never know when dependabot will still do something or not or how long it will take.

I understand. It's not deterministic so it's hard to answer, but we can think about ways to improve the experience, I appreciate your feedback 👍

Looking at the PR description history it does seem like dependabot started to rebase the PR:

⚠️ Dependabot is rebasing this PR ⚠️

But then the PR was merged about 9 minutes later. It can definitely take more than 9 minutes to rebase, as we actually trigger a new update on top of the new ref.

When that notice is being shown, Dependabot is still busy performing work.

Knowing that dependabot will not do anything after another commit is good, though why is it reacting then with thumbs up

It won't _rebase_, but it will _recreate_, that's why it's giving a thumbs-up here.

Further I would not like to encode third party dependency semantics in commit messages.

That's fine, you don't have to. It's just that dependabot can't know if it's ok to rebase the commit if the main branch has changed if you don't specify that, so it won't keep the PR up to date automatically.