From: "Earlopain (Earlopain _) via ruby-core" Date: 2025-10-29T08:35:56+00:00 Subject: [ruby-core:123591] [Ruby Misc#21656] Exclude dependabot PRs from automated gem release notes Issue #21656 has been updated by Earlopain (Earlopain _). Yeah! I just found that as well: https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes#configuring-automatically-generated-release-notes I was thinking about something a bit more complicated but luckily the api docs pointed me in the right direction. ---------------------------------------- Misc #21656: Exclude dependabot PRs from automated gem release notes https://bugs.ruby-lang.org/issues/21656#change-114972 * Author: Earlopain (Earlopain _) * Status: Open ---------------------------------------- Ruby has many gems, and many of them have release notes generated with the github command line instead of being written by a human. Usually that is fine, I don't have much of a problem with that approach. But what is less ideal is that github actions are pinned by commit hash/minor version which causes many dependabot PRs. This results in release notes like this: https://github.com/ruby/timeout/releases/tag/v0.4.4 ``` Bump rubygems/release-gem from 1.1.0 to 1.1.1 by @dependabot[bot] in #56 Bump step-security/harden-runner from 2.10.2 to 2.10.3 by @dependabot[bot] in #57 Bump step-security/harden-runner from 2.10.3 to 2.10.4 by @dependabot[bot] in #59 Bump step-security/harden-runner from 2.10.4 to 2.11.0 by @dependabot[bot] in #60 Bump step-security/harden-runner from 2.11.0 to 2.11.1 by @dependabot[bot] in #61 Bump step-security/harden-runner from 2.11.1 to 2.12.0 by @dependabot[bot] in #62 Bump step-security/harden-runner from 2.12.0 to 2.12.1 by @dependabot[bot] in #63 Gracefully handle a call to ensure_timeout_thread_created in a signal handler by @eregon in #64 Bump step-security/harden-runner from 2.12.1 to 2.12.2 by @dependabot[bot] in #65 Bump step-security/harden-runner from 2.12.2 to 2.13.0 by @dependabot[bot] in #66 Bump actions/checkout from 4 to 5 by @dependabot[bot] in #67 Bump step-security/harden-runner from 2.13.0 to 2.13.1 by @dependabot[bot] in #68 Add a workflow to sync commits to ruby/ruby by @k0kubun in #69 ``` You might have missed it but hidden between all the automated non-user facing PRs is actually something that users might want to read about: `Gracefully handle a call to ensure_timeout_thread_created in a signal handler by @eregon in #64`. I would like these release notes to omit bot PRs since they don't have any impact on gem consumers and only make it hard to actually find what changed. Doing a quick search, 56 gems create release notes in this way: https://github.com/search?q=org%3Aruby+lang%3Ayml+--generate-notes&type=code. Really, I would want these written by a human since even without bot PRs there are still many that are just maintenance to fix CI or similar that don't concern the end user but I can understand that probably no one actually wants to write these by hand, which is why I propose to just exclude bot PRs. That should already have a pretty big impact. -- https://bugs.ruby-lang.org/ ______________________________________________ ruby-core mailing list -- ruby-core@ml.ruby-lang.org To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org ruby-core info -- https://ml.ruby-lang.org/mailman3/lists/ruby-core.ml.ruby-lang.org/