Requesting Approval for installing kodiak for plugin-site

The plugin site currently uses Gatsby, which, due to the huge number of people working on it, gets lots of bug fixes and lots of releases. This means with Dependabot we get like 30+ PRs a week.

I know I’ve started to ignore them unless it’s a major security fix or I’m waiting for a feature to be released. @zbynek and to a lesser degree @timja still merge them, but it’s slowing down on their parts.


  1. Disable Dependabot and just upgrade sometimes
    • harder and scarier to upgrade when the need arises
  2. Automate it
  3. Continue as is.

For #2, which is my preferred solution, I saw @jglick mention Kodiak on a Jira ticket a while ago and have been meaning to try it. Last night I set it up on a personal project and found it super easy to configure to only auto-merge Dependabot minor PRs as long as it passes CI.

I know there are some security concerns about auto-merging, but honestly I don’t think people currently review the upstream patches anyways.

Makes sense. The main thing that gets to me is the huge number of notifications I get from them.

I want to watch the repo for actual PRs but not 20 Dependabot PRs.

And not 20 notifications when one gets merged because 1 PR got merged and Dependabot rebased the others :frowning: (probably because of conflicts)

You and me both. But at least this way I can safely ignore them, and then just check the open PRs once in a while.

No objections from me for an experiment with Kodiak on the plugin-site repository.

I am also interested in the outcome of this experiment; let’s try it only on plugin-site for now.

Voilà, so Kodiak is only available for jenkins-infra/plugin-site.
Let’s start a specific discussion if we want to use it for more repositories.

Here is a link that explains how to configure Kodiak