Drop @dependabot close comment from prerelease close path#39
Merged
zkoppert merged 1 commit intoJun 15, 2026
Merged
Conversation
The triage-dependabot skill used to post '@dependabot close' on a prerelease PR before force-closing it via 'gh pr close --delete-branch'. The comment was originally kept so Dependabot's tracking would see the directive, but once the direct API close lands the comment is pure noise on the PR timeline (see github-community-projects/contributors#496 and measure-innersource#193 where the comment accumulated 12-27 times before close). The force-close on its own is sufficient. I dropped the comment, the dry-run log line that announced it, and the corresponding test assertions. I added a regression test that asserts no 'pr comment' call is ever made from do_dependabot_close so this can't drift back. Tests: 214 pass (was 213; one comment-noise regression guard added). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Signed-off-by: Zack Koppert <zkoppert@github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR simplifies the prerelease close path in the triage-dependabot skill by removing the redundant @dependabot close comment that was posted before force-closing the PR. Production evidence showed Dependabot ignoring that comment for hours, and the direct gh pr close --delete-branch was doing all the work - making the comment pure timeline noise and notification spam.
Changes:
- Removed the
run_gh(["pr", "comment", ...])call fromdo_dependabot_close, leaving only thegh pr close --delete-branchAPI call - Added a regression guard test (
test_do_dependabot_close_does_not_post_dependabot_close_comment) and updated existing test assertions to reflect the single-call behavior - Updated docstrings, README, and SKILL.md to document the simplified close-prerelease path
Show a summary per file
| File | Description |
|---|---|
.copilot/skills/triage-dependabot/triage_dependabot.py |
Removed the @dependabot close comment call and updated the function docstring to reflect single-step close behavior |
.copilot/skills/triage-dependabot/tests.py |
Renamed/updated existing test, added regression guard test, adjusted call_count assertions from 2→1, refreshed docstrings |
.copilot/skills/triage-dependabot/SKILL.md |
Updated the close-prerelease outcome description to remove mention of the comment step |
.copilot/skills/triage-dependabot/README.md |
Updated decision table and detailed prerelease section to reflect comment removal |
Copilot's findings
- Files reviewed: 4/4 changed files
- Comments generated: 0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
PR #38 made
do_dependabot_closepost@dependabot closeAND force-close viagh pr close --delete-branch. The comment was kept so Dependabot's tracking would see the directive, but production evidence on the very first post-merge cron tick proves the comment is unnecessary noise:@dependabot closecomments from 2026-06-13 through 2026-06-15 20:09Z, none of which closed it.@dependabot closecomment and then immediately calledgh pr close --delete-branch. The PR closed at 22:01:58Z - 2 seconds later.@dependabot closecomment was redundant decoration on the timeline.Posting a redundant comment on every prerelease close adds clutter to PR timelines, sends an extra notification, and slightly increases the audit-log noise from the bot account. I dropped it.
What changed
do_dependabot_closenow makes exactly one subprocess call:gh pr close --repo <repo> <number> --delete-branch._is_already_closed_stderrtry/except still wraps the close call. Auth, rate limit, timeout, and branch-deletion failures continue to propagate so the outer run loop records them and the next cron tick retries.test_do_dependabot_close_does_not_post_dependabot_close_commentas an explicit regression guard. It inspects everyrun_ghcall from inside the function and asserts nopr commentcall is ever made. If a future change drifts a comment back in, this test fails immediately.test_do_dependabot_close_swallows_already_closed_errorfromcall_count == 2to1, replaced the old two-call assertion test with a single-call equivalent, and refreshed docstrings intriage_dependabot.py,tests.py,README.md, andSKILL.md.Testing
python3 -m pytest tests.py -q, 213 → 214 with the new regression guard).pyflakesclean.Rollout
gh pr closewith zero PR comments from me.@dependabot closecomments are posted by me on any new prerelease PR and (b) any new prerelease PR closes on the first cron tick.What to watch after merge
triage-dependabot.logcron tick that hasclosed_prerelease >= 1to confirm the closed PR has no@dependabot closecomment authored by me near the close timestamp.