Change target branch of open dependabot PR?

Question

Is it possible to change the target branch of a Pull Request that dependabot has opened?

We have set up dependabot to usually target a specific branch, that is not main, but for security updates it will still target main (as discussed on this question). So, I would like to re-target those PRs which are targeting main directly to our normal testing branch.

Answer 1

You can use 'target-branch' config option to set the target Dependabot branch to something else than main: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#target-branch

From the docs:

version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    # Raise pull requests for version updates
    # to pip against the `develop` branch
    target-branch: "develop"

Answer 2

As per Dependabot's documentation, security updates will always target the repository's default branch. There is no way to force Dependabot to open security-update pull requests on branches other than the default branch.

Setting the target-branch configuration option will cause Dependabot to ignore the entire configuration for that package-ecosystem when creating security-update pull requests.

A workaround would be to use a GitHub Action to switch the target branch after the pull request has been created. An example would be the pr-target-branch-action.