3

Is it possible to change the target branch of a Pull Request that dependabot has opened?

We have set up dependabot to usually target a specific branch, that is not main, but for security updates it will still target main (as discussed on this question). So, I would like to re-target those PRs which are targeting main directly to our normal testing branch.

silent

2 Answers

1

As per Dependabot's documentation, security updates will always target the default branch. Setting the target-branch config forces Dependabot to ignore it and all other configurations for that package manager when creating Security pull requests.

There is no way to have Dependabot open Security update Pull Requests on branches other than the default branch; however, you could use a GitHub Action to switch the target branch after the PR has been created. An example would be the pr-target-branch-action.

TonyArra
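One way to do the re-targeting described in the answer above, as an added example that is not from the answer or from the pr-target-branch-action project: a workflow that calls the REST "update a pull request" endpoint through the `gh` CLI preinstalled on GitHub-hosted runners. The file name and the `develop` branch name are assumptions.

```yaml
# .github/workflows/retarget-dependabot.yml  (hypothetical file name)
name: Retarget Dependabot security PRs

on:
  pull_request:
    types: [opened]
    # For pull_request events this filter matches the PR's base branch,
    # so only PRs opened against main are handled.
    branches: [main]

# Runs triggered by Dependabot get a read-only GITHUB_TOKEN by default,
# so the single scope needed to edit the PR is granted explicitly.
permissions:
  pull-requests: write

jobs:
  retarget:
    # Match on the PR author's login, not on the title or branch name,
    # which any contributor can choose freely.
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    runs-on: ubuntu-latest
    steps:
      # No checkout step: the job never executes code from the PR branch.
      - name: Point the PR at the testing branch
        env:
          GH_TOKEN: ${{ github.token }}
          REPO: ${{ github.repository }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          NEW_BASE: develop   # assumption: name of the testing branch
        run: |
          # Values are passed through env rather than interpolated into
          # the script, so event data cannot alter the command.
          gh api --method PATCH "repos/$REPO/pulls/$PR_NUMBER" -f base="$NEW_BASE"
```

If `develop` lacks commits that are on `main`, the re-targeted PR will list those commits as well, so keep the testing branch up to date with `main`.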
-1

You can use the 'target-branch' config option to set the target Dependabot branch to something other than main: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#target-branch

From the docs:

version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    # Raise pull requests for version updates
    # to pip against the `develop` branch
    target-branch: "develop"
gedijedi
  • As I said, we are already doing that. But this is not being taken into account for security updates. – silent Oct 24 '22 at 12:35