Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add a dependabot config to automate vendoring #9748

Merged
merged 1 commit into from
Mar 18, 2021
Merged

add a dependabot config to automate vendoring #9748

merged 1 commit into from
Mar 18, 2021

Conversation

vrothberg
Copy link
Member

While dependabot has turned out great to automate updating dependencies,
a major painpoint was that we had to manually run make vendor for each
and every commit. It was causing noise.

Adding the config file to .github/dependabot.yml will take of also
updating the ./vendor tree. containers/common is using this config
for a while successfully.

Signed-off-by: Valentin Rothberg [email protected]

@saschagrunert @edsantiago @rhatdan PTAL

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 18, 2021
@vrothberg
Copy link
Member Author

Let's do this for the other projects as well.

@mheon
Copy link
Member

mheon commented Mar 18, 2021

Will it also sign its commits? That's another one we noticed

@saschagrunert
Copy link
Member

Will it also sign its commits? That's another one we noticed

Yes, this bug should be fixed on their side.

saschagrunert
saschagrunert approved these changes Mar 18, 2021
View reviewed changes
Copy link
Member

@saschagrunert saschagrunert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@openshift-ci-robot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: saschagrunert, vrothberg

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [saschagrunert,vrothberg]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@vrothberg
add a dependabot config to automate vendoring
1ca74b0 
While dependabot has turned out great to automate updating dependencies,
a major painpoint was that we had to manually run `make vendor` for each
and every commit.  It was causing noise.

Adding the config file to `.github/dependabot.yml` will take of also
updating the `./vendor` tree.  `containers/common` is using this config
for a while successfully.

[NO TESTS NEEDED]

Signed-off-by: Valentin Rothberg <[email protected]>
TomSweeneyRedHat
TomSweeneyRedHat reviewed Mar 18, 2021
View reviewed changes
.github/dependabot.yml
directory: "/"
schedule:
interval: daily
open-pull-requests-limit: 10
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not that we probably would, but what happens if we get 12 updates? Do the last two get queued up for "by hand" submission? Or am I misinterpreting this? If I'm on, I think I'd feel more comfortable at 15 or 20.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That should be scheduled for the next day. @saschagrunert, did you set 10 for a specific reason or was it a gut feeling?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If there are 10 PRs open Dependabot will not create new ones. I think this is a good amount to avoid spamming the project. :)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @saschagrunert . So if it doesn't create number 11 and 12, is a notification sent out or will it just do those the next day?

@TomSweeneyRedHat
Copy link
Member

LGTM
but one question for rumination or my enlightenment.

@mheon
Copy link
Member

mheon commented Mar 18, 2021

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 18, 2021
@openshift-merge-robot openshift-merge-robot merged commit 5d9b070 into containers:master Mar 18, 2021
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 23, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@TomSweeneyRedHat TomSweeneyRedHat TomSweeneyRedHat left review comments

@saschagrunert saschagrunert saschagrunert approved these changes

Assignees

@mheon mheon

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@vrothberg @mheon @saschagrunert @openshift-ci-robot @TomSweeneyRedHat @openshift-merge-robot