Currently it seems that when you require Codacy checks on a repo and also turn on Dependabot to automatically open PRs, there is no way for Codacy to run on Dependabot PRs and no way to merge the PR when you have Codacy checks required. This is a major pain and makes Codacy less useful, or at the very least only an optional service, so no enforcement on PRs made by actual developers.
Hi @f1_timnolte, thanks for the amazing feedback!
Right now Codacy handles a bot like a normal user, so you can just add it to your org and all of the commits made by that email will be analyzed.
Please let me know if you have any trouble adding the bot to your org.
OK, I see about that. The thing that concerns me is that we have no control over what user any bots might be using, especially Dependabot, and it could possibly change at any time without notice. Also, there would then be additional user costs for bots. I will probably just convert these projects over to GitHub Actions and drop Codacy since it’s looking to be cost-prohibitive for us. Thanks!
I’m @tercio from the Codacy Product Management team.
We are aware of the current behaviour when bots are used, and we’re sorry for the problems it’s causing you.
Trying to build on top of this, can you help us understand your workflow and the need to have Dependabot PRs analyzed by Codacy?
@tercio so in actuality we don’t need GitHub Dependabot PRs to be scanned via Codacy; however, we have Codacy set up as a required check that must pass in order for a PR to be allowed to be merged. This has the effect that PRs opened by Dependabot can’t run/pass and thus we can’t merge in those PRs without doing additional work.