Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(dependabot): auto-update lockfiles for monorepo package bumps #26872

Merged
merged 3 commits into from
Jan 30, 2024
Merged

chore(dependabot): auto-update lockfiles for monorepo package bumps #26872

merged 3 commits into from
Jan 30, 2024

Conversation

rusackas
Copy link
Member

SUMMARY

When dependabot bumps packages for monorepo packages/plugins, it doesn't work out. It bumps package.json, but it's not smart enough to know that it needs to run npm install from the root of the superset-frontend folder. This action will keep an eye out for these PRs from dependabot on those paths, and run the installation command, and push the package lock file.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

mistercrunch
mistercrunch requested changes Jan 30, 2024
View reviewed changes
Copy link
Member

@mistercrunch mistercrunch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will lead to double triggering CI in cases we're trying to fix here. Meaning all pull_request events workflows trigger once, including this one, and once the push happens again, CI does a full re-trigger maybe a few minutes later. We could have all other CI tasks depend on this one, but that would delay things. I'd let's make sure this only triggers on opened and be ok with the double-trigger stuff

.github/workflows/update-monorepo-lockfiles.yml Outdated
- 'superset-frontend/packages/**/package.json'
- 'superset-frontend/plugins/**/package.json'
# Trigger this workflow when Dependabot creates a pull request
types: [opened, synchronize, reopened]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd say this should only trigger on opened, not the others. We don't want it to trigger itself, even though I think git push should be a no-op when the files does not change on the second run.

.github/workflows/update-monorepo-lockfiles.yml
git config user.email "github-actions[bot]@users.noreply.github.com"
git add package-lock.json
git commit -m "Update lock file for Dependabot PR" -a # Commit the changes
git push # Push the changes back to the branch
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assuming this is a no-op on the second run.

@mistercrunch
Copy link
Member

I approved the change I submitted 😄

@rusackas rusackas merged commit 47c337e into master Jan 30, 2024
25 checks passed
eschutho pushed a commit to preset-io/superset that referenced this pull request Jan 31, 2024
@rusackas @mistercrunch @eschutho
chore(dependabot): auto-update lockfiles for monorepo package bumps (a…
7010fd6 
…pache#26872)

Co-authored-by: Maxime Beauchemin <[email protected]>
sfirke pushed a commit to sfirke/superset that referenced this pull request Mar 22, 2024
@rusackas @mistercrunch @sfirke
chore(dependabot): auto-update lockfiles for monorepo package bumps (a…
315d881 
…pache#26872)

Co-authored-by: Maxime Beauchemin <[email protected]>
@rusackas rusackas deleted the update-monorepo-lockfiles branch April 16, 2024 16:51
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 4.0.0 labels Apr 17, 2024
vinothkumar66 pushed a commit to vinothkumar66/superset that referenced this pull request Nov 11, 2024
@rusackas @mistercrunch
chore(dependabot): auto-update lockfiles for monorepo package bumps (a…
ae5972d 
…pache#26872)

Co-authored-by: Maxime Beauchemin <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mistercrunch mistercrunch mistercrunch approved these changes

@villebro villebro Awaiting requested review from villebro villebro is a code owner

@geido geido Awaiting requested review from geido geido is a code owner

@eschutho eschutho Awaiting requested review from eschutho eschutho is a code owner

@betodealmeida betodealmeida Awaiting requested review from betodealmeida betodealmeida is a code owner

@nytai nytai Awaiting requested review from nytai nytai is a code owner

@craig-rueda craig-rueda Awaiting requested review from craig-rueda craig-rueda is a code owner

@john-bodley john-bodley Awaiting requested review from john-bodley

@kgabryje kgabryje Awaiting requested review from kgabryje kgabryje is a code owner

@dpgaspar dpgaspar Awaiting requested review from dpgaspar dpgaspar is a code owner

Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels size/M 🚢 4.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rusackas @mistercrunch