For which repos is Dependabot paused?
Configured complexty aside, another challenge I have with GitHub’s (otherwise very useful) Dependabot tool is that, when I receive multiple PRs each updating a single Go module, my preference is to combine the updates myself into one PR. A downside of this approach is that Dependabot gets pissed off and pauses updates on repos where I do this repeatedly.
In which repos is Dependabot enabled (this check can be avoid) but paused?
API Check if automated security fixes are enable for a repo
TOKEN="..." # GitHub token
VERS="2022-11-22"
# User repos
REPOS=$(\
curl \
--silent \
--location \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${TOKEN}" \
--header "X-GitHub-Api-Version: ${VERS}" \
https://api.github.com/user/repos?per_page=100 \
| jq -r .[].name)
# Org repos
ORG="..."
REPOS=$(\
curl \
--silent \
--location \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${TOKEN}" \
--header "X-GitHub-Api-Version: ${VERS}" \
https://api.github.com/orgs/${ORG}/repos?per_page=100 \
| jq -r .[].name)
for REPO in ${REPOS}
do
curl \
--silent \
--location \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer ${TOKEN}" \
--header "X-GitHub-Api-Version: ${VERS}" \
https://api.github.com/repos/${ORG}/${REPO}/automated-security-fixes \
| jq -r ".|select(.enabled and .paused)|{\"repo\":\"${REPO}\"}|.repo"
done
I think it’s possible to re-enable Dependabot by refreshing jobs under Dependency graph:
https://github.com/{ORG|USER}/{REPO}/network/updates