Misc #21656
open
Exclude dependabot PRs from automated gem release notes
Description
Ruby has many gems, and many of them have release notes generated with the github command line instead of being written by a human. Usually that is fine, I don't have much of a problem with that approach. But what is less ideal is that github actions are pinned by commit hash/minor version which causes many dependabot PRs. This results in release notes like this: https://github.com/ruby/timeout/releases/tag/v0.4.4
Bump rubygems/release-gem from 1.1.0 to 1.1.1 by @dependabot[bot] in #56
Bump step-security/harden-runner from 2.10.2 to 2.10.3 by @dependabot[bot] in #57
Bump step-security/harden-runner from 2.10.3 to 2.10.4 by @dependabot[bot] in #59
Bump step-security/harden-runner from 2.10.4 to 2.11.0 by @dependabot[bot] in #60
Bump step-security/harden-runner from 2.11.0 to 2.11.1 by @dependabot[bot] in #61
Bump step-security/harden-runner from 2.11.1 to 2.12.0 by @dependabot[bot] in #62
Bump step-security/harden-runner from 2.12.0 to 2.12.1 by @dependabot[bot] in #63
Gracefully handle a call to ensure_timeout_thread_created in a signal handler by @eregon in #64
Bump step-security/harden-runner from 2.12.1 to 2.12.2 by @dependabot[bot] in #65
Bump step-security/harden-runner from 2.12.2 to 2.13.0 by @dependabot[bot] in #66
Bump actions/checkout from 4 to 5 by @dependabot[bot] in #67
Bump step-security/harden-runner from 2.13.0 to 2.13.1 by @dependabot[bot] in #68
Add a workflow to sync commits to ruby/ruby by @k0kubun in #69
You might have missed it but hidden between all the automated non-user facing PRs is actually something that users might want to read about: Gracefully handle a call to ensure_timeout_thread_created in a signal handler by @eregon in #64. I would like these release notes to omit bot PRs since they don't have any impact on gem consumers and only make it hard to actually find what changed.
Doing a quick search, 56 gems create release notes in this way: https://github.com/search?q=org%3Aruby+lang%3Ayml+--generate-notes&type=code. Really, I would want these written by a human since even without bot PRs there are still many that are just maintenance to fix CI or similar that don't concern the end user but I can understand that probably no one actually wants to write these by hand, which is why I propose to just exclude bot PRs. That should already have a pretty big impact.
Updated by 
Updated by 
Updated by