fix(github): do not allow maintainer PR edits for fork PRs

If a maintainer pushes changes to a fork renovate PR, the branch will never be deleted by Renovate because there are changes not corresponding to the Git account configured in Renovate. This prevents future updates as Renovate basically locks down the branch and marks it as `pr-edited`, preventing it from being overriden or cleaned-up as part of the scheduled branch deletion. We can fix this by encouraging that maintainers cherry-pick the commit and make changes in a separate PR. It is not possible for maintainers to trivially delete the branch of the e.g. fork robot account because they would need to log into that and not every team member would e.g. necessarily have access to the robot account. Fixes renovatebot#16657.
devversion · Jan 10, 2023 · 6f03122 · 6f03122
1 parent 107c80b
commit 6f03122
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/lib/modules/platform/github/index.ts b/lib/modules/platform/github/index.ts
@@ -1494,7 +1494,10 @@ export async function createPr({
   // istanbul ignore if
   if (config.forkToken) {
     options.token = config.forkToken;
-    options.body.maintainer_can_modify = true;
+    // We do not allow modifications from maintainers because pushes to the
+    // fork prevent deletion of the branch later on, preventing future updates.
+    // More details: https://github.com/renovatebot/renovate/issues/16657.
+    options.body.maintainer_can_modify = false;
   }
   logger.debug({ title, head, base, draft: draftPR }, 'Creating PR');
   const ghPr = (