• Stars
    star
    742
  • Rank 61,120 (Top 2 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created about 7 years ago
  • Updated 2 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

GitHub Pull Request Auto-Merge Bot

bulldozer

Docker Pulls

bulldozer is a GitHub App that automatically merges pull requests (PRs) when (and only when) all required status checks are successful and required reviews are provided.

Additionally, bulldozer can:

  • Only merge pull requests that match certain conditions, like having a specific label or comment
  • Ignore pull requests that match certain conditions, like having a specific label or comment
  • Automatically keep pull request branches up-to-date by merging in the target branch
  • Wait for additional status checks that are not required by GitHub

Bulldozer might be useful if you:

  • Have CI builds that take longer than the normal review process. It will merge reviewed PRs as soon as the tests pass so you don't have to watch the pull request or remember to merge it later.
  • Combine it with policy-bot to automatically merge certain types of pre-approved or automated changes.
  • Want to give contributors more control over when they can merge PRs without granting them write access to the repository.
  • Have a lot of active development that makes it difficult to merge a pull request while it is up-to-date with the target branch.

Contents

Behavior

bulldozer will only merge pull requests that GitHub allows non-admin collaborators to merge. This means that all branch protection settings, including required status checks and required reviews, are respected. It also means that you must enable branch protection to prevent bulldozer from immediately merging every pull request.

Only pull requests matching the trigger conditions (or not matching ignore conditions) are considered for merging. bulldozer is event-driven, which means it will usually merge a pull request within a few seconds of the pull request satisfying all preconditions.

Configuration

The behavior of the bot is configured by a .bulldozer.yml file at the root of the repository. The file name and location are configurable when running your own instance of the server.

  • The file is read from the most recent commit on the target branch of each pull request.

  • The file may contain a reference to a configuration in a different repository (see Remote Configuration.)

  • If the file does not exist in the repository, bulldozer tries to load a shared bulldozer.yml file at the root of the .github repository in the same organization. You can change this path and repository name when running your own instance of the server.

  • You can also define a global default configuration when running your own instance of the server. This is used if the repository or the shared organization repository do not define any configuration.

  • If configuration does not exist in the repository or in the shared organization repository and the server does not have a default configuration, bulldozer does not act on the pull request. This means it is safe to enable bulldozer on all repositories in an organization.

bulldozer.yml Specification

The .bulldozer.yml file supports the following keys.

# "version" is the configuration version, currently "1".
version: 1

# "merge" defines how and when pull requests are merged. If the section is
# missing, bulldozer will consider all pull requests and use default settings.
merge:
  # "trigger" defines the set of pull requests considered by bulldozer. If
  # the section is missing, bulldozer considers all pull requests not excluded
  # by the ignore conditions.
  trigger:
    # Pull requests with any of these labels (case-insensitive) are added to
    # the trigger.
    labels: ["merge when ready"]

    # Pull requests where the body or any comment contains any of these
    # substrings are added to the trigger.
    comment_substrings: ["==MERGE_WHEN_READY=="]

    # Pull requests where any comment matches one of these exact strings are
    # added to the trigger.
    comments: ["Please merge this pull request!"]

    # Pull requests where the body contains any of these substrings are added
    # to the trigger.
    pr_body_substrings: ["==MERGE_WHEN_READY=="]

    # Pull requests targeting any of these branches are added to the trigger.
    branches: ["develop"]

    # Pull requests targeting branches matching any of these regular expressions are added to the trigger.
    branch_patterns: ["feature/.*"]

    # Pull requests with auto merge enabled are added to the trigger.
    auto_merge: true

  # "ignore" defines the set of pull request ignored by bulldozer. If the
  # section is missing, bulldozer considers all pull requests. It takes the
  # same keys as the "trigger" section.
  ignore:
    labels: ["do not merge"]
    comment_substrings: ["==DO_NOT_MERGE=="]

  # "method" defines the merge method. The available options are "merge",
  # "rebase", "squash", and "ff-only".
  method: squash

  ##### branch_method has been DEPRECATED in favor of merge_method #####
  # 
  # Allows the merge method that is used when auto-merging a PR to be different
  # target branch. The keys of the hash are the target branch name, and the values are the merge method that
  # will be used for PRs targeting that branch. The valid values are the same as for the "method" key.
  # Note: If the target branch does not match any of the specified keys, the "method" key is used instead.
  branch_method:
    develop: squash
    master: merge
  ##### branch_method has been DEPRECATED in favor of merge_method #####

  # Allows the merge method that is used when auto-merging a PR to be different
  # based on trigger criteria. The first method where ALL triggers match will
  # be used. Otherwise, the method specified previously in "merge.method" will 
  # be used.
  # - ALL trigger criteria must match, unlike merge/trigger where ANY match 
  # will trigger bulldozer.
  # - This will override any branch_method logic if one of the methods is
  # triggered
  # - If no trigger criteria is provided the method is ignored
  merge_method:
    # "method" defines the merge method. The available options are "merge",
    # "rebase", "squash", and "ff-only".
    - method: squash
      trigger:
        # All methods from merge/trigger are supported. Additionally, the
        # following additional methods are provided:

        # Pull requests which a number of commits less than or equal to this value are added to the trigger.
        max_commits: 3

  # "options" defines additional options for the individual merge methods.
  options:
    # "squash" options are only used when the merge method is "squash"
    squash:
      # "title" defines how the title of the commit message is created when
      # generating a squash commit. The options are "pull_request_title",
      # "first_commit_title", and "github_default_title". The default is
      # "pull_request_title".
      title: "pull_request_title"

      # "body" defines how the body of the commit message is created when
      # generating a squash commit. The options are "pull_request_body",
      # "summarize_commits", and "empty_body". The default is "empty_body".
      body: "empty_body"

      # If "body" is "pull_request_body", then the commit message will be the
      # part of the pull request body surrounded by "message_delimiter"
      # strings. This is disabled (empty string) by default.
      message_delimiter: ==COMMIT_MSG==

  # "required_statuses" is a list of additional status contexts that must pass
  # before bulldozer can merge a pull request. This is useful if you want to
  # require extra testing for automated merges, but not for manual merges.
  required_statuses:
    - "ci/circleci: ete-tests"

  # If true, bulldozer will delete branches after their pull requests merge.
  delete_after_merge: true

  # If true, bulldozer will merge pull requests with no required checks. This
  # helps to protect against merging branches which inadvertently do not have
  # required status checks.
  allow_merge_with_no_checks: false

# "update" defines how and when to update pull request branches. Unlike with
# merges, if this section is missing, bulldozer will not update any pull requests.
update:
  # "trigger" defines the set of pull requests that should be updated by
  # bulldozer. It accepts the same keys as the trigger in the "merge" block.
  trigger:
    labels: ["WIP", "Update Me"]

  # "ignore" defines the set of pull requests that should not be updated by
  # bulldozer. It accepts the same keys as the ignore in the "merge" block.
  ignore:
    labels: ["Do Not Update"]

  # If true, bulldozer will ignore updating draft pull requests, unless they
  # explicitly match a configured trigger condition.
  ignore_drafts: false

  # "required_statuses" is a list of additional status contexts that must pass
  # before bulldozer will update a pull request, unless the pull request
  # explicitly matches a configured trigger condition. This is useful if you want
  # to require certain statuses to pass before automated updates are made.
  required_statuses:
    - "policy-bot: develop"

Remote Configuration

You can use a remote configuration by specifying a repository and an optional path and Git reference. Place the following in the repository's .bulldozer.yml file instead of the normal configuration:

# The remote repository to read the configuration file from. This is required,
# and must be in "org/repo-name" form. Must be a public repository.
remote: org/repo-name

# The path to the configuration file in the remote repository. If not set,
# uses the default configuration path.
path: path/to/bulldozer.yml

# The branch (or tag, or commit hash) that should be used on the remote
# repository. If not set, uses the default branch of the repository.
ref: main

The remote file must contain bulldozer configuration and cannot be another remote reference. However, the organization-level default configuration may be a remote reference.

FAQ

Can I specify both ignore and trigger?

Yes. If both ignore and trigger are specified, bulldozer will attempt to match on both. In cases where both match, ignore will take precedence.

Can I specify the body of the commit when using the squash strategy?

Yes. When the merge strategy is squash, you can set additional options under the options.squash property, including how to render the commit body.

merge:
  method: squash
  options:
    squash:
      body: summarize_commits # or `pull_request_body`, `empty_body`

You can also define part of pull request body to pick as a commit message when body is pull_request_body.

merge:
  method: squash
  options:
    squash:
      body: pull_request_body
      message_delimiter: ==COMMIT_MSG==

Anything that's contained between two ==COMMIT_MSG== strings will become the commit message instead of whole pull request body.

What if I don't want to put config files into each repo?

You can add default repository configuration in your bulldozer config file.

It will be used only when your repo config file does not exist.

options:
  default_repository_config:
    ignore:
      labels: ["do not merge"] # or any other available config.

Bulldozer isn't merging my commit when it should, what could be happening?

Bulldozer will attempt to merge a branch whenever it passes the trigger/ignore criteria. GitHub may prevent it from merging a branch in certain conditions, some of which are to be expected, and others that may be caused by mis-configuring Bulldozer.

  • Required status checks have not passed
  • Review requirements are not satisfied
  • The merge strategy configured in .bulldozer.yml is not allowed by your repository settings
  • Branch protection rules are preventing bulldozer[bot] from pushing to the branch. Github apps can be added to the list of restricted push users, so you can allow Bulldozer specifically for your repo.
  • The branch has no required checks and allow_merge_with_no_checks is set to the default value (false).

Bulldozer isn't updating my branch when it should, what could be happening?

When using the branch update functionality, Bulldozer only performs an update after updates are enabled when:

  • A label is added
  • The pull request is opened
  • The target branch is updated

For example:

  1. User A opens a pull request targetting develop
  2. User B pushes a commit to develop
  3. User A adds an update me comment to the first pull request
  4. User C pushes a commit to develop
  5. Bulldozer updates the pull request with the commits from Users B and C

Note that the update does not happen when the update me comment is added, even though there is a new commit on develop that is not part of the pull request.

Can Bulldozer work with push restrictions on branches?

As mentioned above, as of Github ~2.19.x, GitHub Apps can be added to the list of users associated with push restrictions. If you don't want to do this, or if you're running an older version of Github that doesn't support this behaviour, you may work around this:

  1. Use another app like policy-bot to implement approval restrictions as required status checks instead of using push restrictions. This effectively limits who can push to a branch by requiring changes to go through the pull request process and be approved.

  2. Configure Bulldozer to use a personal access token for a regular user to perform merges in this case. The token must have the repo scope and the user must be allowed to push to the branch. In the server configuration file, set:

    options:
      push_restriction_user_token: <token-value>

    The token is only used if the target branch has push restrictions enabled. All other merges are performed as the normal GitHub App user.

Deployment

bulldozer is easy to deploy in your own environment as it has no dependencies other than GitHub. It is also safe to run multiple instances of the server, making it a good fit for container schedulers like Nomad or Kubernetes.

We provide both a Docker container and a binary distribution of the server:

A sample configuration file is provided at config/bulldozer.example.yml. Certain values may also be set by environment variables; these are noted in the comments in the sample configuration file. By default, the environment variables for server values are prefixed with BULLDOZER_ (e.g. BULLDOZER_PORT). For configuring options the prefix is BULLDOZER_OPTIONS (e.g. BULLDOZER_OPTIONS_APP_NAME) This prefix can be overridden by setting the BULLDOZER_ENV_PREFIX environment variable.

GitHub App Configuration

To configure Bulldozer as a GitHub App, these general options are required:

  • Webhook URL: http(s)://<your-bulldozer-domain>/api/github/hook
  • Webhook secret: A random string that matches the value of the github.app.webhook_secret property in the server configuration

The app requires these permissions:

Permission Access Reason
Repository administration Read-only Determine required status checks
Checks Read-only Read checks for ref
Repository contents Read & write Read configuration, perform merges
Issues Read & write Read comments, close linked issues
Repository metadata Read-only Basic repository data
Pull requests Read & write Merge and close pull requests
Commit status Read-only Evaluate pull request status

The app should be subscribed to these events:

  • Check run
  • Commit comment
  • Pull request
  • Status
  • Push
  • Issue comment
  • Pull request review
  • Pull request review comment

Operations

bulldozer uses go-baseapp and go-githubapp, both of which emit standard metrics and structured log keys. Please see those projects for details.

Example Files

Example .bulldozer.yml files can be found in config/examples

Migrating: Version 0.4.X to 1.X

The server configuration for bulldozer allows you to specify configuration_v0_path, which is a list of paths to check for 0.4.X style bulldozer configuration. When a 1.X style configuration file does not appear at the configured path, bulldozer will attempt to read from the paths configured by configuration_v0_path, converting the legacy configuration into an equivalent v1 configuration internally.

The upgrade process is therefore to deploy the latest version of bulldozer with both configuration_path and configuration_v0_path configured, and to enable the bulldozer GitHub App on all organizations where it was previously installed.

Reducing Update Commit and CI Pressure

The Bulldozer "Update" feature is useful when keeping branches up-to-date, but can cause lots of pressure on CI build systems and Github when there are many pull requests open on a single repository.

To reduce pressure on CI systems and Github, the update feature can be disabled at the server level by specifying the following server option:

options:
  disable_update_feature: true

Development

To develop bulldozer, you will need a Go installation.

Run style checks and tests

./godelw verify

Running the server locally

# copy and edit the server config
cp config/bulldozer.example.yml config/bulldozer.yml

./godelw run bulldozer server
  • config/bulldozer.yml is used as the default configuration file
  • The server is available at http://localhost:8080/

Running the server via Docker

# copy and edit the server config
cp config/bulldozer.example.yml config/bulldozer.yml

# build the docker image
./godelw docker build --verbose

docker run --rm -v "$(pwd)/config:/secrets/" -p 8080:8080 palantirtechnologies/bulldozer:latest
  • This mounts the config directory (which should contain the bulldozer.yml configuration file) at the expected location
  • The server is available at http://localhost:8080/

Contributing

Contributions and issues are welcome. For new features or large contributions, we prefer discussing the proposed change on a GitHub issue prior to a PR.

License

This application is made available under the Apache 2.0 License.

More Repositories

1

blueprint

A React-based UI toolkit for the web
TypeScript
19,885
star
2

tslint

๐Ÿšฆ An extensible linter for the TypeScript language
TypeScript
5,916
star
3

plottable

๐Ÿ“Š A library of modular chart components built on D3
TypeScript
2,926
star
4

python-language-server

An implementation of the Language Server Protocol for Python
Python
2,579
star
5

windows-event-forwarding

A repository for using windows event forwarding for incident detection and response
Roff
1,215
star
6

pyspark-style-guide

This is a guide to PySpark code style presenting common situations and the associated best practices based on the most frequent recurring topics across the PySpark repos we've encountered.
Python
1,019
star
7

osquery-configuration

A repository for using osquery for incident detection and response
814
star
8

policy-bot

A GitHub App that enforces approval policies on pull requests
Go
756
star
9

tslint-react

๐Ÿ“™ Lint rules related to React & JSX for TSLint.
TypeScript
752
star
10

gradle-docker

a Gradle plugin for orchestrating docker builds and pushes.
Groovy
723
star
11

alerting-detection-strategy-framework

A framework for developing alerting and detection strategies for incident response.
657
star
12

stacktrace

Stack traces for Go errors
Go
498
star
13

palantir-java-format

A modern, lambda-friendly, 120 character Java formatter.
Java
427
star
14

docker-compose-rule

A JUnit rule to manage docker containers using docker-compose
Java
422
star
15

conjure

Strongly typed HTTP/JSON APIs for browsers and microservices
Java
417
star
16

go-githubapp

A simple Go framework for building GitHub Apps
Go
342
star
17

eclipse-typescript

An Eclipse plug-in for developing in the TypeScript language.
JavaScript
340
star
18

gradle-git-version

a Gradle plugin that uses `git describe` to produce a version string.
Java
339
star
19

godel

Go tool for formatting, checking, building, distributing and publishing projects
Go
304
star
20

jamf-pro-scripts

A collection of scripts and extension attributes created for managing Mac workstations via Jamf Pro.
Shell
304
star
21

gradle-baseline

A set of Gradle plugins that configure default code quality tools for developers.
Java
283
star
22

gradle-graal

A plugin for Gradle that adds tasks to download, extract and interact with GraalVM tooling.
Java
227
star
23

log4j-sniffer

A tool that scans archives to check for vulnerable log4j versions
Go
192
star
24

tfjson

Terraform plan file to JSON
Go
181
star
25

k8s-spark-scheduler

A Kubernetes Scheduler Extender to provide gang scheduling support for Spark on Kubernetes
Go
175
star
26

Sysmon

A lightweight platform monitoring tool for Java VMs
Java
155
star
27

documentalist

๐Ÿ“ A sort-of-static site generator optimized for living documentation of software projects
TypeScript
153
star
28

exploitguard

Documentation and supporting script sample for Windows Exploit Guard
PowerShell
148
star
29

typesettable

๐Ÿ“ A typesetting library for SVG and Canvas
TypeScript
146
star
30

bouncer

An application to cycle (bounce) all nodes in a coordinated fashion in an AWS ASG or set of related ASGs
Go
129
star
31

gradle-consistent-versions

Compact, constraint-friendly lockfiles for your dependencies
Java
112
star
32

Cinch

A Java library that manages component action/event bindings for MVC patterns
Java
110
star
33

redoodle

An addon library for Redux that enhances its integration with TypeScript.
TypeScript
100
star
34

gradle-jacoco-coverage

Groovy
99
star
35

sqlite3worker

A threadsafe sqlite worker for Python
Python
94
star
36

phishcatch

A browser extension and API server for detecting corporate password use on external websites
CSS
90
star
37

python-jsonrpc-server

A Python 2 and 3 asynchronous JSON RPC server
Python
83
star
38

conjure-java-runtime

Opinionated libraries for HTTP&JSON-based RPC using Retrofit, Feign, OkHttp as clients and Jetty/Jersey as servers
Java
78
star
39

go-baseapp

A lightweight starting point for Go web servers
Go
72
star
40

stashbot

A plugin for Atlassian Stash to allow easy, self-service continuous integration with Jenkins
Java
67
star
41

stash-codesearch-plugin

Provides global repository, commit, and file content search for Atlassian Stash instances
Java
62
star
42

gradle-processors

Gradle plugin for integrating Java annotation processors
Groovy
62
star
43

go-java-launcher

A simple Go program for launching Java programs from a fixed configuration. This program replaces Gradle-generated Bash launch scripts which are susceptible to attacks via injection of environment variables of the form JAVA_OPTS='$(rm -rf /)'.
Go
59
star
44

pkg

A collection of stand-alone Go packages
Go
53
star
45

rust-zipkin

A library for logging and propagating Zipkin trace information in Rust
Rust
53
star
46

witchcraft-go-server

A highly opinionated Go embedded application server for RESTy APIs
Go
51
star
47

grunt-tslint

A Grunt plugin for tslint.
JavaScript
51
star
48

spark-influx-sink

A Spark metrics sink that pushes to InfluxDb
Scala
51
star
49

giraffe

Gracefully Integrated Remote Access For Files and Execution
Java
49
star
50

language-servers

[Deprecated and No longer supported] A collection of implementations for the Microsoft Language Server Protocol
Java
48
star
51

go-license

Go tool that applies and verifies that proper license headers are applied to Go files
Go
47
star
52

hadoop-crypto

Library for per-file client-side encyption in Hadoop FileSystems such as HDFS or S3.
Java
41
star
53

roboslack

A pluggable, fluent, straightforward Java library for interacting with Slack.
Java
39
star
54

tritium

Tritium is a library for instrumenting applications to provide better observability at runtime
Java
39
star
55

sls-packaging

A set of Gradle plugins for creating SLS-compatible packages
Shell
38
star
56

dropwizard-web-security

A Dropwizard bundle for applying default web security functionality
Java
37
star
57

goastwriter

Go library for writing Go source code programatically
Go
34
star
58

palantir-python-sdk

Palantir Python SDK
Python
33
star
59

gradle-gitsemver

Java
31
star
60

gradle-revapi

Gradle plugin that uses Revapi to check whether you have introduced API/ABI breaks in your Java public API
Java
29
star
61

checks

Go libraries and programs for performing static checks on Go projects
Go
29
star
62

dialogue

A client-side RPC library for conjure-java
Java
29
star
63

gradle-circle-style

๐Ÿš€๐Ÿš€๐Ÿš€MOVED TO Baseline
Java
28
star
64

conjure-java

Conjure generator for Java clients and servers
Java
27
star
65

trove

Patched version of the Trove 3 library - changes the Collections semantics to match proper java.util.Map semantics
Java
27
star
66

atlasdb

Transactional Distributed Database Layer
Java
27
star
67

stylelint-config-palantir

Palantir's stylelint config
JavaScript
25
star
68

typedjsonrpc

A typed decorator-based JSON-RPC library for Python
Python
24
star
69

distgo

Go tool for building, distributing and publishing Go projects
Go
23
star
70

encrypted-config-value

Tooling for encrypting certain configuration parameter values in dropwizard apps
Java
22
star
71

typescript-service-generator

Java
21
star
72

streams

Utilities for working with Java 8 streams
Java
21
star
73

gradle-npm-run-plugin

Groovy
20
star
74

conjure-rust

Conjure support for Rust
Rust
20
star
75

conjure-python

Conjure generator for Python clients
Java
19
star
76

amalgomate

Go tool for combining multiple different main packages into a single program or library
Go
19
star
77

serde-encrypted-value

A crate which wraps Serde deserializers and decrypts values
Rust
19
star
78

gradle-docker-test-runner

Gradle plugin for running tests in Docker environments
Groovy
19
star
79

gradle-shadow-jar

Gradle plugin to precisely shadow either a dependency or its transitives
Groovy
19
star
80

tracing-java

Java library providing zipkin-like tracing functionality
Java
18
star
81

gerrit-ci

Plugin for Gerrit enabling self-service continuous integration workflows with Jenkins.
Java
18
star
82

gpg-tap-notifier-macos

Show a macOS notification when GPG is waiting for you to tap/touch a security device (e.g. YubiKey).
Swift
18
star
83

conjure-typescript

Conjure generator for TypeScript clients
TypeScript
17
star
84

plottable-moment

Plottable date/time formatting library built on Moment.js
JavaScript
16
star
85

spark-tpcds-benchmark

Utility for benchmarking changes in Spark using TPC-DS workloads
Java
16
star
86

assertj-automation

Automatic code rewriting for AssertJ using error-prone and refaster
Java
16
star
87

metric-schema

Schema for standard metric definitions
Java
14
star
88

safe-logging

Interfaces and utilities for safe log messages
Java
14
star
89

resource-identifier

Common resource identifier specification for inter-application object sharing
Java
14
star
90

dropwizard-web-logger

WebLoggerBundle is a Dropwizard bundle used to help log web activity to log files on a serverโ€™s backend
Java
14
star
91

gradle-miniconda-plugin

Plugin that sets up a Python environment for building and running tests using Miniconda.
Java
13
star
92

human-readable-types

A collection of human-readable types
Java
12
star
93

conjure-go-runtime

Go implementation of the Conjure runtime
Go
12
star
94

gulp-count

Counts files in vinyl streams.
CoffeeScript
12
star
95

palantir-r-sdk

Palantir R SDK
R
12
star
96

go-compiles

Go check that checks that Go source and tests compiles
Go
12
star
97

go-generate

Go tool that runs and verifies the output of go generate
Go
12
star
98

asana_mailer

A script that uses Asana's RESTful API to generate plaintext and HTML emails.
Python
12
star
99

ontology-starter-react-app

Example starter repo for building React applications on top of a Foundry Ontology
TypeScript
12
star
100

eclipse-less

An Eclipse plug-in for compiling LESS files.
Java
11
star