From ark
Consolidates open Dependabot PRs into a single integration branch for unified review and merge. Activates on requests like 'consolidate dependabot' or 'batch dependency updates'.
How this skill is triggered — by the user, by Claude, or both
Slash command
/ark:ark-dependabot-managementThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Consolidate open Dependabot PRs into a single integration branch for unified review and merge.
Consolidate open Dependabot PRs into a single integration branch for unified review and merge.
All open Dependabot PRs get merged into a single integration/dependabot branch which has one PR into main. This avoids CI churn from merging individual dependency bumps.
Before consolidating, verify all directories in .github/dependabot.yaml still exist:
yq '.updates[].directory // .updates[].directories[]' .github/dependabot.yaml | while read dir; do
[ ! -d "$dir" ] && echo "STALE: $dir"
done
Remove stale entries before proceeding — they cause Dependabot workflow errors.
The fastest method is to merge each dependabot branch directly into a fix branch:
git checkout -b fix/build-consolidation origin/main
# For each dependabot PR branch:
git fetch origin <dependabot-branch>
git merge --no-edit origin/<dependabot-branch>
This is simpler than the GitHub API approach below, avoids needing --admin permissions, and lets you test all updates together locally before pushing.
Use the API method when you need to keep individual PRs open for tracking, or when merging into the integration/dependabot branch.
gh pr list --repo mckinsey/agents-at-scale-ark --state open --author "app/dependabot" \
--json number,title,headRefName --jq '.[] | "\(.number)\t\(.title)"'
EXISTING_PR=$(gh pr list --repo mckinsey/agents-at-scale-ark --state open \
--head integration/dependabot --json number --jq '.[0].number // empty')
if [ -n "$EXISTING_PR" ]; then
echo "Existing open PR: #${EXISTING_PR}"
fi
If no open PR exists, check if the branch exists and if there's a merged PR to reopen from:
BRANCH_EXISTS=$(gh api repos/mckinsey/agents-at-scale-ark/git/ref/heads/integration/dependabot \
--jq '.object.sha' 2>/dev/null || echo "")
MERGED_PR=$(gh pr list --repo mckinsey/agents-at-scale-ark --state merged \
--head integration/dependabot --json number --jq '.[0].number // empty')
If no branch exists — create from main:
gh api repos/mckinsey/agents-at-scale-ark/git/refs \
-f ref="refs/heads/integration/dependabot" \
-f sha="$(gh api repos/mckinsey/agents-at-scale-ark/git/ref/heads/main --jq '.object.sha')"
If branch exists but PR was already merged — reset to current main:
gh api repos/mckinsey/agents-at-scale-ark/git/refs/heads/integration/dependabot \
--method PATCH \
-f sha="$(gh api repos/mckinsey/agents-at-scale-ark/git/ref/heads/main --jq '.object.sha')" \
-F force=true
For each open Dependabot PR:
gh api repos/mckinsey/agents-at-scale-ark/pulls/<NUMBER> \
--method PATCH -f base="integration/dependabot"
Then squash merge:
gh pr merge <NUMBER> --repo mckinsey/agents-at-scale-ark --squash --admin
Conflict handling: If a PR has merge conflicts, rebase it onto integration/dependabot first, accepting the dependabot changes.
Workflow files: PRs modifying .github/workflows/ require a token with workflow scope — flag these for manual merge in the GitHub UI.
If no existing open PR:
gh pr create --repo mckinsey/agents-at-scale-ark \
--head integration/dependabot --base main \
--title "chore(deps): consolidated dependabot updates" \
--body "$(cat <<'EOF'
## Summary
- Consolidated dependabot dependency updates into a single PR
### Included PRs
| PR | Title |
|----|-------|
| #N | title |
EOF
)"
If a merged PR exists and the branch has new changes, create a new PR (GitHub won't reopen a merged PR):
gh pr create --repo mckinsey/agents-at-scale-ark \
--head integration/dependabot --base main \
--title "chore(deps): consolidated dependabot updates" \
--body "$(cat <<'EOF'
## Summary
- Consolidated dependabot dependency updates into a single PR
- Continues from previously merged consolidation
### Included PRs
| PR | Title |
|----|-------|
| #N | title |
EOF
)"
Periodically check for stale Dependabot PRs that failed to merge:
gh pr list --repo mckinsey/agents-at-scale-ark --state open --author "app/dependabot" \
--json number,title,updatedAt --jq '.[] | select(.updatedAt < "THRESHOLD_DATE") | "\(.number)\t\(.title)"'
Close PRs that are superseded by newer versions of the same dependency.
npx claudepluginhub p/mckinsey-ark-claudeConsolidates open Dependabot PRs into one tested branch and PR, grouped by ecosystem and risk, with baseline-diff verification and operator approval before merging.
Reviews open Dependabot PRs, classifies by risk (patch/minor/major/security/lockfile-only), merges safe ones via GitHub CLI, and advises on others. Use for dependency update triage.
Merges all open PRs in dependency order, closes linked issues, deletes feature branches, and cleans up local/remote refs. Use when completing features or finalizing a release cycle.