Remove Dependabot PRs from release notes?

[mattfelten]

Dependabot recently started barraging my project with PRs, and while useful, it's making release notes quite noisy. I can't seem to figure out how to remove dependabot PRs though.

{
	"plugins": [
		[
			"npm",
			{
				"monorepoChangelog": false
			}
		],
		[
			"omit-release-notes",
			{
				"username": "dependabot[bot]"
			}
		],
		"first-time-contributor",
		"released"
	],
	…
}

Using omit-release-notes seems like it should work but it doesn't. Is there something I'm missing about how this works?

[hasparus]

I had the same problem. I ended up entirely omitting dependabot's commits with omit-commits plugin.

const omitCommitsOptions: IOmitCommitsPluginOptions = {
  subject: [
    'Merge branch',
    'chore:',
    'chore(',
    'ci(',
    'ci:',
    'test:',
    'test(',
    'fix(ci):',
  ],
} 

export default function config(): AutoRc {
  return {
    baseBranch: 'stable',
    prereleaseBranches: ['develop'],
    plugins: [
      ['npm', npmOptions],
      ['conventional-commits', conventionalCommitsOptions],
      'first-time-contributor',
      'released',
      ['all-contributors', allContributorsOptions],
      ['omit-commits', omitCommitsOptions],
    ],
  }
}

[hydrosquall]

Thanks for sharing this example @hasparus - on the topic of muting Dependabot, we're also avoiding building canary commits for Dependabot's PRs using github actions syntax to avoid running shipit on branches that matches its naming pattern. Not sure if there's a way to ignore it from within Auto's config directly.

vega/ts-json-schema-generator#856 (comment)

[mattfelten]

I do see there's the bot-list package that does include dependabot among others, but I'm not sure how that should be used.

[hipstersmoothie]

@mattfelten could you post a log with -vv here? once I know the username we can add it to the botlist. maybe the botlist should support regexes?