There are two main ways you can interact with Depfu: clicking around in the UI and by commenting on the Depfu pull requests.

The UI is for getting an overview and configuring Depfu. The bot commands via comments are for day-to-day interactions, mainly working with a single version upgrade. You probably know the existing @depfu rebase.

Today we’re launching a few more bot commands that we think will make your everyday work with Depfu smoother and easier:

@depfu merge

If you ever worked with several open Depfu pull requests at the same time, you might know they can easily step on each other’s toes, resulting in merge conflicts. Or the case where you have an open PR with the build still running and you know if the tests pass you’d like to merge it. Instead of leaving multiple tabs open in your browser, waiting for the CI results and then forgetting all about it, you can now tell Depfu: “Please merge this if everything is fine”.

@depfu merge will merge the PR as soon as there are no conflicts and your tests are successful. That means it will also trigger a rebase if it sees a merge conflict or if you have branch protection enabled and require branches to be up-to-date before merging. It’ll wait for the resulting build to run and if it’s successful, will do the merge.

@depfu reopen

You can easily reopen a pull request from the GitHub UI by restoring the branch and clicking “Reopen”, but this command will do it for you. It’s mostly there for symmetry :)

@depfu pause

Sometimes you’ll just want to ignore certain dependencies. Either you know it won’t work with your app ever, it’s not worth the effort because you’ll refactor this area anyway or you want to do it later. If you just close the PR, Depfu will send you new ones for future versions and annoy you (sorry about that).

@depfu pause will mark the dependency that the PR is about (the one in the PR title) as paused and you won’t get PRs for new releases until you resume the dependency. It’ll also close the PR since we know you don’t want to be bothered with it right now. You can resume updates in the UI or via @depfu resume on any closed PR about the same dependency.

@depfu pause minor|major

This is a variation of the pause command. Instead of pausing updates forever, you just want to ignore all releases of this major or minor release line. So if a version 4.0.0 comes in and you comment with @depfu pause major, Depfu will ignore all releases in the 4.x.x range. It would still send you releases for 3.x.x and it will also send you a PR if 5.0.0 gets released. You can think of it as “Let’s not handle this now, but also please remind me again at some point”

Of course you can also handle pausing by adding version constraints to your Gemfile or package.json. But if you have Depfu configured to send you PRs for out-of-spec updates, we would send you updates anyway, so the pause commands are especially useful in this scenario.

What was it called again?

In case you forget what the commands are called and how they work, we’ve included all of them in this foldout in all our PRs.

We hope these new commands make your day-to-day work with dependencies and our pull requests just a little bit nicer. If you have any questions, ideas or feedback about this: Let us know on Twitter or via email.