[2023-04-13]: 30 day cutoff for Dependabot Pull Request Rebases - [GA] (#36022)

2023-04-13 18:46:23 +02:00 · 2023-04-13 18:46:23 +02:00 · 2606cafce4
--- a/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md
+++ b/content/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates.md
@ -85,6 +85,8 @@ If your repository already uses an integration for dependency management, you wi

 {% endif %}

+{% ifversion dependabot-updates-rebase-30-days-cutoff %}{% data variables.product.prodname_dependabot %} also stops rebasing pull requests for version and security updates after 30 days, reducing notifications for inactive {% data variables.product.prodname_dependabot %} pull requests.{% endif %}
+
 ## About notifications for {% data variables.product.prodname_dependabot %} version updates

 You can filter your notifications on {% data variables.product.company_short %} to show notifications for pull requests created by {% data variables.product.prodname_dependabot %}. For more information, see "[AUTOTITLE](/account-and-profile/managing-subscriptions-and-notifications-on-github/viewing-and-triaging-notifications/managing-notifications-from-your-inbox)."
--- a/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md
+++ b/content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md
@ -528,6 +528,15 @@ updates:

 By default, {% data variables.product.prodname_dependabot %} automatically rebases open pull requests when it detects any changes to the pull request. Use `rebase-strategy` to disable this behavior.

+{% ifversion dependabot-updates-rebase-30-days-cutoff %}
+
+{% note %}
+
+**Note:** {% data reusables.dependabot.pull-requests-30-days-cutoff %}
+
+{% endnote %}
+{% endif %}
+
 Available rebase strategies

 - `auto` to use the default behavior and rebase open pull requests when changes are detected.
@ -539,17 +548,20 @@ When `rebase-strategy` is set to `auto`, {% data variables.product.prodname_depe
 - When you change the value of `target-branch` in the {% data variables.product.prodname_dependabot %} configuration file. For more information about this field, see "[`target-branch`](#target-branch)."
 - When {% data variables.product.prodname_dependabot %} detects that a {% data variables.product.prodname_dependabot %} pull request is in conflict after a recent push to the target branch.

+{% ifversion dependabot-updates-rebase-30-days-cutoff %}
+{% else %}
 {% note %}

 **Note:** {% data variables.product.prodname_dependabot %} will keep rebasing a pull request indefinitely until the pull request is closed, merged or you disable {% data variables.product.prodname_dependabot_updates %}.

 {% endnote %}
+{% endif %}

 When `rebase-strategy` is set to `disabled`, {% data variables.product.prodname_dependabot %} stops rebasing pull requests.

 {% note %}

-**Note:** This behavior only applies to pull requests that go into conflict with the target branch. {% data variables.product.prodname_dependabot %} will keep rebasing pull requests opened prior to the `rebase-strategy` setting being changed, and pull requests that are part of a scheduled run.
+**Note:** This behavior only applies to pull requests that go into conflict with the target branch. {% data variables.product.prodname_dependabot %} will keep rebasing {% ifversion dependabot-updates-rebase-30-days-cutoff %}(until 30 days after opening){% endif %} pull requests opened prior to the `rebase-strategy` setting being changed, and pull requests that are part of a scheduled run.

 {% endnote %}

--- a/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md
+++ b/content/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates.md
@ -52,7 +52,7 @@ If you have many dependencies to manage, you may want to customize the configura

 ## Changing the rebase strategy for {% data variables.product.prodname_dependabot %} pull requests

-By default, {% data variables.product.prodname_dependabot %} automatically rebases pull requests to resolve any conflicts. If you'd prefer to handle merge conflicts manually, you can disable this using the `rebase-strategy` option. For details, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#rebase-strategy)."
+By default, {% data variables.product.prodname_dependabot %} automatically rebases pull requests to resolve any conflicts. {% ifversion dependabot-updates-rebase-30-days-cutoff %}{% data reusables.dependabot.pull-requests-30-days-cutoff %}{% endif %} If you'd prefer to handle merge conflicts manually, you can disable this using the `rebase-strategy` option. For details, see "[AUTOTITLE](/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#rebase-strategy)."

 ## Allowing {% data variables.product.prodname_dependabot %} to rebase and force push over extra commits

--- a/data/features/dependabot-updates-rebase-30-days-cutoff.yml
+++ b/data/features/dependabot-updates-rebase-30-days-cutoff.yml
@ -0,0 +1,6 @@
+# Reference: Issue #9973
+# 30 day cutoff for Dependabot Pull Request Rebases
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>=3.10'
--- a/data/reusables/dependabot/automatically-pause-dependabot-updates.md
+++ b/data/reusables/dependabot/automatically-pause-dependabot-updates.md
@ -1,4 +1,4 @@
-When maintainers of a repository stop interacting with {% data variables.product.prodname_dependabot %} pull requests, {% data variables.product.prodname_dependabot %} temporarily pauses its updates and lets you know. This automatic opt-out behavior reduces noise because {% data variables.product.prodname_dependabot %} doesn't create pull requests for version and security updates, and doesn't rebase {% data variables.product.prodname_dependabot %} pulls requests for inactive repositories.
+When maintainers of a repository stop interacting with {% data variables.product.prodname_dependabot %} pull requests, {% data variables.product.prodname_dependabot %} temporarily pauses its updates and lets you know. This automatic opt-out behavior reduces noise because {% data variables.product.prodname_dependabot %} doesn't create pull requests for version and security updates, and doesn't rebase {% data variables.product.prodname_dependabot %} pull requests for inactive repositories.

 The automatic deactivation of {% data variables.product.prodname_dependabot %} updates only applies to repositories where {% data variables.product.prodname_dependabot %} has opened pull requests but the pull requests remain untouched. If {% data variables.product.prodname_dependabot %} hasn't opened any pull requests, {% data variables.product.prodname_dependabot %} will never become paused.

@ -16,4 +16,4 @@ When {% data variables.product.prodname_dependabot %} is paused, {% data variabl

 As soon as a maintainer interacts with a {% data variables.product.prodname_dependabot %} pull request again, {% data variables.product.prodname_dependabot %} will unpause itself:
 - Security updates are automatically resumed for {% data variables.product.prodname_dependabot_alerts %}.
- Version updates are automatically resumed with the schedule specified in the *dependabot.yml* file. 
+- Version updates are automatically resumed with the schedule specified in the *dependabot.yml* file.
--- a/data/reusables/dependabot/pull-requests-30-days-cutoff.md
+++ b/data/reusables/dependabot/pull-requests-30-days-cutoff.md
@ -0,0 +1 @@
+If a pull request has not been merged for 30 days, {% data variables.product.prodname_dependabot %} will stop rebasing the pull request. You can still manually rebase and merge the pull request.
				`@ -0,0 +1 @@`
				`If a pull request has not been merged for 30 days, {% data variables.product.prodname_dependabot %} will stop rebasing the pull request. You can still manually rebase and merge the pull request.`