Find blocked pull requests in GitHub organizations and automatically merge similar pull requests across GitHub organizations, supporting both automation tools (like Dependabot, pre-commit.ci, Renovate) and regular GitHub users.
Dependamerge provides two main functions:
- Finding Blocked PRs: Check entire GitHub organizations to identify pull requests with conflicts, failing checks, or other blocking issues
- Automated Merging: Analyze a source pull request and find similar pull requests across all repositories in the same GitHub organization, then automatically approve and merge the matching PRs
This saves time on routine dependency updates, maintenance tasks, and coordinated changes across all repositories while providing visibility into unmergeable PRs that need attention.
Works with any pull request regardless of author, automation tool, or origin.
- Comprehensive PR Analysis: Checks all repositories in a GitHub organization for unmergeable pull requests
- Blocking Reason Detection: Identifies specific reasons preventing PR merges (conflicts, failing checks, blocked reviews)
- Copilot Integration: Counts unresolved GitHub Copilot feedback comments (column shown when present)
- Smart Filtering: Excludes standard code review requirements, focuses on technical blocking issues
- Detailed Reporting: Provides comprehensive tables and summaries of problematic PRs
- Real-time Progress: Live progress display shows checking status and current operations
- Universal PR Support: Works with any pull request regardless of author or automation tool
- Smart Matching: Uses content similarity algorithms to match related PRs across repositories
- Bulk Operations: Approve and merge related similar PRs with a single command
- Security Features: SHA-based authentication for non-automation PRs ensures authorized bulk merges
- Dry Run Mode: Preview what changes will apply without modifications
- Rich CLI Output: Beautiful terminal output with progress indicators and tables
- Real-time Progress: Live progress updates for both checking and merge operations
- Output Formats: Support for table and JSON output formats
- Error Handling: Graceful handling of API rate limits and repository access issues
- Any pull request from any author
- Manual pull requests from developers
- Automation tool pull requests (Dependabot, Renovate, etc.)
- Bot-generated pull requests
- Coordinated changes across repositories
# Install from source
git clone <repository-url>
cd dependamerge
pip install -e .
# Or install dependencies directly
pip install typer requests PyGithub rich pydanticYou need a GitHub personal access token with appropriate permissions:
- Go to GitHub Settings → Developer settings → Personal access tokens
- Create a token with these scopes:
repo(for private repositories)public_repo(for public repositories)read:org(to list organization repositories)
Set the token as an environment variable:
export GITHUB_TOKEN=your_token_hereOr pass it directly to the command using --token.
Find blocked pull requests in an entire GitHub organization:
# Basic organization check for blocked PRs
dependamerge blocked myorganization
# Check with JSON output
dependamerge blocked myorganization --format json
# Disable real-time progress display
dependamerge blocked myorganization --no-progressThe blocked command will:
- Analyze all repositories in the organization
- Identify PRs with technical blocking issues
- Report blocking reasons (merge conflicts, failing workflows, etc.)
- Count unresolved GitHub Copilot feedback comments (displayed when present)
- Exclude standard code review requirements from blocking reasons
For any pull request from any author:
dependamerge merge https://github.com/lfreleng-actions/python-project-name-action/pull/22For extra security, you can use the --override flag with SHA-based validation:
dependamerge merge https://github.com/owner/repo/pull/123 \
--override a1b2c3d4e5f6g7h8The SHA hash derives from:
- The PR author's GitHub username
- The first line of the commit message
- This provides an extra layer of validation for sensitive operations
dependamerge merge \
https://github.com/lfreleng-actions/python-project-name-action/pull/22dependamerge merge https://github.com/owner/repo/pull/123 --dry-rundependamerge merge https://github.com/owner/repo/pull/123 \
--threshold 0.9 \
--merge-method squash \
--fix \
--no-progress \
--token your_github_token-
--format TEXT: Output format - table or json (default: table) -
--progress/--no-progress: Show real-time progress updates (default: progress) -
--token TEXT: GitHub token (alternative to GITHUB_TOKEN env var)
--dry-run: Show what changes will apply without making them--threshold FLOAT: Similarity threshold for matching PRs (0.0-1.0, default: 0.8)--merge-method TEXT: Merge method - merge, squash, or rebase (default: merge)--fix: Automatically fix out-of-date branches before merging--progress/--no-progress: Show real-time progress updates (default: progress)--token TEXT: GitHub token (alternative to GITHUB_TOKEN env var)--override TEXT: SHA hash for extra security validation
- Parse Source PR: Analyzes the provided pull request URL and extracts metadata
- Organization Check: Lists all repositories in the same GitHub organization
- PR Discovery: Finds all open pull requests in each repository
- Content Matching: Compares PRs using different similarity metrics:
- Title similarity (normalized to remove version numbers)
- File change patterns
- Author matching
- Optional Validation: If
--overrideprovided, validates SHA for extra security - Approval & Merge: For matching PRs above the threshold:
- Adds an approval review
- Merges the pull request
- Source PR Merge: Merges the original source PR that served as the baseline
The tool uses different algorithms to determine if PRs are similar:
- Removes version numbers (e.g., "1.2.3", "v2.0.0")
- Removes commit hashes
- Removes dates
- Normalizes whitespace
- Compares changed filenames using Jaccard similarity
- Accounts for path normalization
- Ignores version-specific filename differences
Combines different factors:
- Title similarity score
- File change similarity score
- Author matching (same automation tool)
# Check organization for blocked PRs
dependamerge blocked myorganization
# Get detailed JSON output
dependamerge blocked myorganization --format json > unmergeable_prs.json
# Check without progress display
dependamerge blocked myorganization --no-progress# Merge a dependency update across all repos
dependamerge merge https://github.com/myorg/repo1/pull/45# Merge documentation updates
dependamerge merge https://github.com/myorg/repo1/pull/12 --threshold 0.85# Merge with optional security validation
dependamerge merge https://github.com/myorg/repo1/pull/89 \
--override f1a2b3c4d5e6f7g8# See what changes will apply and automatically fix out-of-date branches
dependamerge merge https://github.com/myorg/repo1/pull/78 \
--dry-run --fix --threshold 0.9 --progress- Mergeable Check: Verifies PRs are in a mergeable state before attempting merge
- Auto-Fix: Automatically update out-of-date branches when using
--fixoption - Detailed Status: Shows specific reasons preventing PR merges (conflicts, blocked by checks, etc.)
- Similarity Threshold: Configurable confidence threshold prevents incorrect matches
- Dry Run Mode: Always test with
--dry-runfirst - Detailed Logging: Shows which PRs match and why they match
- SHA-Based Validation: Provides unique SHA hash for security
- Author Isolation: When using SHA validation, processes PRs from the same author as source PR
- Commit Binding: SHA changes if commit message changes, preventing replay attacks
- Cross-Author Protection: When enabled, one author's SHA cannot work for another author's PRs
The tool now supports GitHub PR URLs with path segments:
# These URL formats now work:
dependamerge https://github.com/owner/repo/pull/123
dependamerge https://github.com/owner/repo/pull/123/
dependamerge https://github.com/owner/repo/pull/123/files
dependamerge https://github.com/owner/repo/pull/123/commits
dependamerge https://github.com/owner/repo/pull/123/files/diffThis enhancement allows you to copy URLs directly from GitHub's PR pages without worrying about the specific tab you're viewing.
git clone <repository-url>
cd dependamerge
pip install -e ".[dev]"pytest# Format code
black src tests
# Lint code
flake8 src tests
# Type checking
mypy src- Fork the repository
- Create a feature branch
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
MIT License - see LICENSE file for details.
Error: GitHub token needed
Solution: Set GITHUB_TOKEN environment variable or use --token flag.
Failed to fetch organization repositories
Solution: Ensure your token has read:org scope.
- Check that other repositories have open automation PRs
- Try lowering the similarity threshold with
--threshold 0.7 - Use
--dry-runto see detailed matching information
- Ensure PRs are in mergeable state (no conflicts)
- Check that you have write permissions to the target repositories
- Verify the repository settings permit the merge method
- Check the command help:
dependamerge --help - Get specific command help:
dependamerge blocked --helpordependamerge merge --help - Enable verbose output with environment variables
- Review the similarity scoring in dry-run mode for merge operations
- Use JSON output format for programmatic processing of blocked PR results
- Store GitHub tokens securely (environment variables, not in code)
- Use tokens with minimal required permissions
- Rotate access tokens periodically
- Review PR changes in dry-run mode first
- Be cautious with low similarity thresholds