-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reduce the frequency and number of amphtml
package upgrades
#28322
Comments
amphtml
package upgradesamphtml
package upgrades
Related: ampproject/amp-github-apps#284 /cc @ampproject/wg-infra |
Does this matter enough that it should really factor into a decision?
We already group commits by component/directory, and there's a dedicated section for package updates. Given how the release notes are used (ie. often a developer looking at a release to see if their PR is present), maybe we could remove all the renovate commits from the list (possibly indicating at the end of the list that N were removed).
😮
This seems like something worth considering. I don't think the PR count should factor too heavily into the decision; this alone could bring a significant workflow change for the on-duty and, judging by the discussion linked above, a significant performance improvement for Travis builds
Subtle but useful distinction: I think separately grouping
By my count, there are 13 I suspect that some of these subpackages are less sensitive to changes than, say, the build system. Perhaps select subpackages can get auto-updates or grouped updates more liberally than core packages like build-system, validator, etc.
Use a separate branch for all dependency updates, allowing |
If we don't want to give renovate merge rights, perhaps we can create a bot that will scan for PRs from renovate that are approved and merge them? |
Thanks for the comments. As a start, I think we should consolidate Once that's done, we can look at the PR load and determine if it's worth pursuing the other ideas. SG? |
The above PR takes the first step of grouping by
Within each group, we'd combine MINOR and PATCH updates into PRs for each. For example, all PATCH updates for the Validator and subpackages would get one PR, same for build-system, etc. In some cases (Misc, Purifier) we might even combine MINOR and PATCH. We could then assign reviewers for some of these groups as well, such as wg-caching for all validator updates, wg-runtime for Purifier, wg-infra for Build System, etc. If we group and assign appropriately, the subpackage dependency updates could be owned by the OWNERS while the build cop would only be responsible for the root |
I like your idea of separating updates into groups! 👏 👏 👏 |
The config has been updated; we'll see tonight at midnight how it shakes out :) |
Thanks for all the work! I'll merge the backlog of PRs today so we can start afresh tomorrow. |
With recent updates, renovate PRs will now be grouped by category and, where relevant, labeled with the appropriate working group label. Patch and Minor updates will get separate PRs. Due to known permissions issues with renovate, it cannot assign a GitHub team as a reviewer. However, all of the If needed, owners files can be adjusted for specific |
I'm thinking it may make sense to also group all changes, across all packages in the repo, to Edit: Because we don't self-host Renovate, we can't make it run arbitrary commands on our behalf 😢 For now I'm added an explanatory comment indicating the reviewer should run the lint fix command and commit the changes. |
Closing this for now, as it seems the work around package grouping and reviewer assignment via Owners Bot has addressed these issues |
Background:
The
amphtml
repo has >150 dependencies inpackage.json
. We userenovate
to keep them up to date.Advantages:
node
environment to be auto-updated (see Discussion to avoid node version incompatibility with LTSs #19050, Upgrade node from ^10.0.0 to ^12.0.0 #25161 (comment), Userenovate
to auto-update Node versions inpackage.json
files #25209, and 📦 Update Node.js to 12 #28123)build-system/tasks/visual-diff/yarn.lock
to address security vulnerabilities #23789 (comment), 🏗 Manually upgrade transitive validator dependencies with security vulnerabilities #25445 (comment), 🏗📦 Switch renovate updates foramphtml
from opt-in to opt-out #27692 (comment)).Disadvantages:
amphtml
PRs come fromrenovate
Purpose of this issue:
To identify a way to reduce the number of PRs while continuing to keep dependencies up to date.
Some ideas:
amphtml
dependencies: This is easier said than done. We do frequent clean-ups of unnecessary packages, but our toolchain is large, and rewriting the functionality natively is not an option.renovate
, which we've been hesitant to do. This too doesn't reduce the PR count.MINOR
andPATCH
upgrades into a single PR per day: This will reduce the number of PRs, but can substantially increase the trouble involved in debugging and fixing a breaking change. It can also require frequent auto-rebasing byrenovate
.Other ideas?
The text was updated successfully, but these errors were encountered: