Skip to content

Drop @dependabot close comment from prerelease close path#39

Merged
zkoppert merged 1 commit into
mainfrom
zkoppert/triage-dependabot-drop-dependabot-close-comment
Jun 15, 2026
Merged

Drop @dependabot close comment from prerelease close path#39
zkoppert merged 1 commit into
mainfrom
zkoppert/triage-dependabot-drop-dependabot-close-comment

Conversation

@zkoppert

Copy link
Copy Markdown
Owner

Why

PR #38 made do_dependabot_close post @dependabot close AND force-close via gh pr close --delete-branch. The comment was kept so Dependabot's tracking would see the directive, but production evidence on the very first post-merge cron tick proves the comment is unnecessary noise:

Posting a redundant comment on every prerelease close adds clutter to PR timelines, sends an extra notification, and slightly increases the audit-log noise from the bot account. I dropped it.

What changed

  • do_dependabot_close now makes exactly one subprocess call: gh pr close --repo <repo> <number> --delete-branch.
  • The same narrow _is_already_closed_stderr try/except still wraps the close call. Auth, rate limit, timeout, and branch-deletion failures continue to propagate so the outer run loop records them and the next cron tick retries.
  • The dry-run log line was simplified to match.
  • I added test_do_dependabot_close_does_not_post_dependabot_close_comment as an explicit regression guard. It inspects every run_gh call from inside the function and asserts no pr comment call is ever made. If a future change drifts a comment back in, this test fails immediately.
  • I updated test_do_dependabot_close_swallows_already_closed_error from call_count == 2 to 1, replaced the old two-call assertion test with a single-call equivalent, and refreshed docstrings in triage_dependabot.py, tests.py, README.md, and SKILL.md.

Testing

  • All 214 tests pass locally (python3 -m pytest tests.py -q, 213 → 214 with the new regression guard).
  • pyflakes clean.
  • Multi-model review (Opus 4.7 + Sonnet 4.6 + GPT 5.5) all returned "no significant issues". All three reviewers verified the error-propagation paths and cooldown invariants are preserved.

Rollout

What to watch after merge

  • I will spot-check the next triage-dependabot.log cron tick that has closed_prerelease >= 1 to confirm the closed PR has no @dependabot close comment authored by me near the close timestamp.

The triage-dependabot skill used to post '@dependabot close' on a
prerelease PR before force-closing it via 'gh pr close --delete-branch'.
The comment was originally kept so Dependabot's tracking would see the
directive, but once the direct API close lands the comment is pure
noise on the PR timeline (see github-community-projects/contributors#496
and measure-innersource#193 where the comment accumulated 12-27 times
before close).

The force-close on its own is sufficient. I dropped the comment, the
dry-run log line that announced it, and the corresponding test
assertions. I added a regression test that asserts no 'pr comment' call
is ever made from do_dependabot_close so this can't drift back.

Tests: 214 pass (was 213; one comment-noise regression guard added).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: Zack Koppert <zkoppert@github.com>
@zkoppert zkoppert self-assigned this Jun 15, 2026
@zkoppert zkoppert requested a review from Copilot June 15, 2026 22:28
@zkoppert zkoppert marked this pull request as ready for review June 15, 2026 22:28

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR simplifies the prerelease close path in the triage-dependabot skill by removing the redundant @dependabot close comment that was posted before force-closing the PR. Production evidence showed Dependabot ignoring that comment for hours, and the direct gh pr close --delete-branch was doing all the work - making the comment pure timeline noise and notification spam.

Changes:

  • Removed the run_gh(["pr", "comment", ...]) call from do_dependabot_close, leaving only the gh pr close --delete-branch API call
  • Added a regression guard test (test_do_dependabot_close_does_not_post_dependabot_close_comment) and updated existing test assertions to reflect the single-call behavior
  • Updated docstrings, README, and SKILL.md to document the simplified close-prerelease path
Show a summary per file
File Description
.copilot/skills/triage-dependabot/triage_dependabot.py Removed the @dependabot close comment call and updated the function docstring to reflect single-step close behavior
.copilot/skills/triage-dependabot/tests.py Renamed/updated existing test, added regression guard test, adjusted call_count assertions from 2→1, refreshed docstrings
.copilot/skills/triage-dependabot/SKILL.md Updated the close-prerelease outcome description to remove mention of the comment step
.copilot/skills/triage-dependabot/README.md Updated decision table and detailed prerelease section to reflect comment removal

Copilot's findings

  • Files reviewed: 4/4 changed files
  • Comments generated: 0

@zkoppert zkoppert merged commit 8f94c83 into main Jun 15, 2026
2 checks passed
@zkoppert zkoppert deleted the zkoppert/triage-dependabot-drop-dependabot-close-comment branch June 15, 2026 23:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants