Initial commit

2025-11-29 18:25:10 +08:00
commit baa4ae03a9
5 changed files with 213 additions and 0 deletions
--- a/.claude-plugin/plugin.json
+++ b/.claude-plugin/plugin.json
@@ -0,0 +1,11 @@
 {
  "name": "dependabot",
  "description": "Commands to interact with Dependabot on GitHub repositories.",
  "version": "0.4.1",
  "author": {
    "name": "Aotokitsuruya"
  },
  "commands": [
    "./commands"
  ]
 }
--- a/README.md
+++ b/README.md
@@ -0,0 +1,3 @@
 # dependabot
 Commands to interact with Dependabot on GitHub repositories.
--- a/commands/merge.md
+++ b/commands/merge.md
@@ -0,0 +1,113 @@
 ---
 allowed-tools: Bash(gh auth:*), Bash(gh pr view:*), Bash(gh pr list:*), Bash(gh pr checks:*), Bash(gh pr merge:*), Bash(gh pr review:*), Bash(gh repo view:*), Bash(sleep)
 description: Automatically approve and merge Dependabot pull requests in current repository
 ---
 # Rule
 The `<execute>ARGUMENTS</execute>` will execute the main procedure.
 # Role
 You are a DevOps automation specialist with expertise in dependency management and GitHub workflow automation.
 # Context
 - Current user: !`gh auth status --active`
 - Viewer permission: !`gh repo view --json viewerPermission -q '.viewerPermission'`
 - Dependabot PRs: !`gh pr list --author 'dependabot[bot]' --state open --json number,title -q '.[] | {number: .number, title: .title}'`
 # Definition
 <function name="is_major_update">
    <parameters>pr_title</parameters>
    <description>Determine if PR is a major version update</description>
    <step>1. Parse version numbers from PR title</step>
    <step>2. Check if major version changed</step>
    <return>Boolean indicating if major update</return>
 </function>
 <function name="is_mergeable">
    <parameters>pr_number</parameters>
    <description>Check if PR is mergeable</description>
    <step>1. Use `gh pr view {pr_number} --json mergeable` to get mergeable status</step>
    <step>2. Use `gh pr checks {pr_number}` to check status of required checks</step>
    <return>Mergeable status (MERGEABLE/CONFLICTING/UNKNOWN)</return>
 </function>
 <function name="check_pr_status">
    <parameters>pr_number</parameters>
    <description>Get PR status and determine next action</description>
    <step>1. Use `gh pr checks {pr_number} --watch` to wait for checks to complete</step>
    <step>2. Use `gh pr view {pr_number} --json body,state,mergeable,commits,reviewDecision,labels` to get PR details</step>
    <return>PR state and metadata</return>
 </function>
 <function name="enable_auto_merge">
    <parameters>pr_number</parameters>
    <description>Enable auto-merge on a PR</description>
    <step>1. Use `gh pr merge {pr_number} --auto --squash` to enable auto-merge</step>
    <condition if="Squash merge not supported">
        <step>2. Use `gh pr merge {pr_number} --auto --merge` as fallback</step>>
    </condition>
    <step>3. Use `gh pr view {pr_number} --json autoMergeRequest` to confirm auto-merge is enabled</step>
    <return>Auto-merge enablement status</return>
 </function>
 <function name="approve_pr">
    <parameters>pr_number</parameters>
    <description>Approve a single Dependabot PR</description>
    <step>1. Use `gh pr review {pr_number} --approve` to approve the PR</step>
    <step>2. Check approval status</step>
    <return>Approval result</return>
 </function>
 <procedure name="merge">
    <parameters>pr_number</parameters>
    <description>Merge a single Dependabot PR</description>
    <condition if="is_major_update(pr_title)">
        <step>1. Skip major version updates for manual review</step>
        <return>"Skipped major update PR #{pr_number} for manual review"</return>
    </condition>
    <condition if="is_mergeable(pr_number) != 'MERGEABLE'">
        <step>2. Log and skip non-mergeable PR</step>
        <return>"PR #{pr_number} is not mergeable"</return>
    </condition>
    <step>3. Call <execute function="enable_auto_merge">{pr_number}</execute> to enable auto-merge</step>
    <step>4. Call <execute function="approve_pr">{pr_number}</execute> to approve the PR</step>
    <step>5. Monitor PR status using <execute function="check_pr_status">{pr_number}</execute> until merged or closed</step>
    <condition if="Dependabot is rebasing">
        <step>6. Wait until rebase completes</step>
        <step>7. Re-enable auto-merge and re-approve if needed</step>
        <step>8. Monitor until merged or closed</step>
    </condition>
    <condition if="PR closed without merging">
        <step>9. Log and skip to next PR</step>
        <return>"PR #{pr_number} was closed without merging"</return>
    </condition>
    <condition if="PR has conflects">
        <step>10. Check if Dependabot is already rebasing and wait for it</step>
        <step>11. If no rebasing in message body, use AskUserQuestion tool to confirm if user wants to comment with "@dependabot rebase" to rebase or skip</step>
        <step>12. Monitor PR status again</step>
        <step>13. Re-enable auto-merge and re-approve if needed</step>
        <step>14. Monitor until merged or closed</step>
    </condition>
    <return>"PR #{pr_number} merged successfully"</return>
 </procedure>
 <procedure name="main">
    <description>Process multiple PRs in parallel with retry logic</description>
    <condition if="No open Dependabot PRs">
        <return>"No open Dependabot PRs found"</return>
    </condition>
    <step>1. For each PR, spawn a separate process to call <execute procedure="merge">{pr_number}</execute></step>
    <step>2. Implement retry logic with exponential backoff for transient failures (max 5 attempts)</step>
    <condition if="has skipped PRs due to major updates">
        <step>3. Use ask question tool to confirm if user wants to merge skipped major update PRs manually</step>
    </condition>
    <return>Summary of merge results for all PRs</return>
 </procedure>
 # Task
 <execute procedure="main">$ARGUMENTS</execute>
--- a/commands/setup.md
+++ b/commands/setup.md
@@ -0,0 +1,37 @@
 ---
 allowed-tools: Read, Write, Edit, LS, Grep, Glob, TodoWrite, WebFetch(domain:docs.github.com)
 description: Create dependabot.yml configuration file to make repository use Dependabot for dependency updates
 ---
 # Rule
 The `<execute>ARGUMENTS</execute>` will execute the main procedure.
 # Role
 You are a DevOps automation specialist with expertise in dependency management and GitHub workflow automation.
 # Preferences
 By the default, use minimal and default configuration necessary to setup config. After completing the task, use ask question tool to inquire if user wants more advanced configuration.
 > The options should allow stop withount advanced configuration.
 # Definition
 <procedure name="main">
    <description>Set up Dependabot in the current repository</description>
    <step>1. Review repository structure to identify package manager files (e.g., package.json, requirements.txt, etc.)</step>
    <step>2. Read "https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference" for Dependabot configuration options</step>
    <condition if="dependabot.yml already exists">
        <step>3. Use ask question tool to provide customization options or overwrite existing configuration</step>
        <return>Message indicating existing configuration was found and action taken</return>
    </condition>
    <step>3. Create a `.github/dependabot.yml` file with appropriate configuration for detected package managers</step>
    <step>4. Write the configuration file to the repository</step>
    <return>Confirmation message indicating Dependabot setup is complete</return>
 </procedure>
 # Task
 <execute procedure="main">$ARGUMENTS</execute>
--- a/plugin.lock.json
+++ b/plugin.lock.json
@@ -0,0 +1,49 @@
 {
  "$schema": "internal://schemas/plugin.lock.v1.json",
  "pluginId": "gh:elct9620/claudekit:plugins/dependabot",
  "normalized": {
    "repo": null,
    "ref": "refs/tags/v20251128.0",
    "commit": "963a4eb9202d2d56962e46b00091b627290abead",
    "treeHash": "a3428d9e5945580b695f00349c5c4c4d14fca5d5151e44170210320f288b595f",
    "generatedAt": "2025-11-28T10:16:44.546777Z",
    "toolVersion": "publish_plugins.py@0.2.0"
  },
  "origin": {
    "remote": "git@github.com:zhongweili/42plugin-data.git",
    "branch": "master",
    "commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
    "repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
  },
  "manifest": {
    "name": "dependabot",
    "description": "Commands to interact with Dependabot on GitHub repositories.",
    "version": "0.4.1"
  },
  "content": {
    "files": [
      {
        "path": "README.md",
        "sha256": "93b98296eec01e304d1a0fee195331686e09c00f0dd3807e3075ae7c1962abd7"
      },
      {
        "path": ".claude-plugin/plugin.json",
        "sha256": "db70aa4e81a8c374e766f67b3c1768a495d53fb8e13421c5830fbf3ec6b06411"
      },
      {
        "path": "commands/setup.md",
        "sha256": "38ddc774adfaf471e58a3ddca046dfc2654f296fb022c010caa201ed7a3c09e2"
      },
      {
        "path": "commands/merge.md",
        "sha256": "08db82a6152c669e266b7aab9af1a52aa773274f36b042e8e648d09d676890cd"
      }
    ],
    "dirSha256": "a3428d9e5945580b695f00349c5c4c4d14fca5d5151e44170210320f288b595f"
  },
  "security": {
    "scannedAt": null,
    "scannerVersion": null,
    "flags": []
  }
 }
		`@@ -0,0 +1,3 @@`
							`# dependabot`

							`Commands to interact with Dependabot on GitHub repositories.`