Dependabot for Elixir deps for all tooling

[angelikatyborska]

Should we configure all tooling repos to automatically update Elixir deps with dependabot?

• Analyzer uses: jason, credo, dialyzer
• Test Runner uses: jason
• Representer uses: nothing

[neenjaw]

depends what update means -- patch versions? sure. Minor/major versions? no, I think that should be done by a human

[jiegillet]

I don't have much experience with long term maintenance of dependencies, but in principle I don't have an issue with asking dependabot to update things. If all tests pass, that should be fine, we can always fix broken things later. We can also treat dependabot as a notifier of new versions and not feel pressured to update...

[angelikatyborska]

In general, if you intend to maintain a project long term, I would say some sort of automated dependency update is necessary. The reason is that if you do maintain a project, at some point you will need to do a change to the project that requires a new external dependency or a new feature from the current one. If you didn't do regular dep updates, now you have to do all of them at once. This increases the risk and time sink of that one change.

I think our tools will be maintained long term, and we need fresh dependencies because we will do Elixir lang updates in all of them regularly.

If you have a good test coverage, automated dep updates should be safe. If you don't, you need to test each one manually. Here is where I am not so sure about our situation 🤔

The situation also hugely varies between Elixir deps and JS deps. Thankfully Elixir world is much more sane, and the version level changes actually mean something. In JS world, there are plenty of deps where major version updates aren't actually that, and plenty of patch version updates break your whole project 🤦

I think my vote would be to add automated updates to our projects for patch and minor updates, but not for major updates. But also there's so few of them, that I can also see this whole thing not being worth it.

[jiegillet]

How do we evaluate test coverage?

[angelikatyborska]

In the past I have used https://coveralls.io/ + https://github.com/parroty/excoveralls, apparently you can also pass a --cover option to mix test:

$ mix test --include external --cover
Cover compiling modules ...
Excluding tags: [:pending]
Including tags: [:external]

.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................# 2021-11-24T17:36:37.864Z [] [warn] Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'

# 2021-11-24T17:36:38.353Z [] [warn] Description: 'Authenticity is not established by certificate path validation'
     Reason: 'Option {verify, verify_peer} and cacertfile/cacerts is missing'

.............................................................................................................................................................................................................................................................................................................................warning: outdented heredoc line. The contents inside the heredoc should be indented at the same level as the closing """. The following is forbidden:

    def text do
      """
    contents
      """
    end

Instead make sure the contents are indented as much as the heredoc closing:

    def text do
      """
      contents
      """
    end

The current heredoc line is indented too little
  nofile:3

..........................................................................................................................................

Finished in 64.2 seconds (0.00s async, 64.2s sync)
940 tests, 0 failures

Randomized with seed 794400

Generating cover results ...

Percentage | Module
-----------|--------------------------
     0.00% | ElixirAnalyzer.CLI
     0.00% | ElixirAnalyzer.ExerciseTest.AssertCall.SyntaxError
     0.00% | ElixirAnalyzer.ExerciseTest.CheckSource
     0.00% | ElixirAnalyzer.ExerciseTest.CheckSource.Compiler
     0.00% | ElixirAnalyzer.Summary
    60.98% | ElixirAnalyzer.ExerciseTest.AssertCall
    72.97% | ElixirAnalyzer.ExerciseTest.Feature
    77.65% | ElixirAnalyzer
    81.82% | ElixirAnalyzer.Submission
    83.33% | ElixirAnalyzer.LogFormatter
    88.89% | ElixirAnalyzer.QuoteUtil
    89.80% | ElixirAnalyzer.ExerciseTest.Feature.Compiler
    96.36% | ElixirAnalyzer.ExerciseTestCase
    97.37% | ElixirAnalyzer.ExerciseTest.CommonChecks.FunctionCapture
    99.00% | ElixirAnalyzer.ExerciseTest.AssertCall.Compiler
   100.00% | ElixirAnalyzer.Comment
   100.00% | ElixirAnalyzer.Constants
   100.00% | ElixirAnalyzer.ExerciseTest
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.BooleanFunctions
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.Comments
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.CompilerWarnings
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.DebugFunctions
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.DeprecatedRandomModule
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.ExemplarComparison
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.FunctionNames
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.Indentation
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.LastLineAssignment
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.ListPrependHead
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.ModuleAttributeNames
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.ModulePascalCase
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.PrivateHelperFunctions
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.UncommonErrors
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.UnlessWithElse
   100.00% | ElixirAnalyzer.ExerciseTest.CommonChecks.VariableNames
   100.00% | ElixirAnalyzer.ExerciseTest.Feature.FeatureError
   100.00% | ElixirAnalyzer.Source
   100.00% | ElixirAnalyzer.Support.AnalyzerVerification.AssertCall
   100.00% | ElixirAnalyzer.Support.AnalyzerVerification.AssertCall.Erlang
   100.00% | ElixirAnalyzer.Support.AnalyzerVerification.AssertCall.FunctionParentheses
   100.00% | ElixirAnalyzer.Support.AnalyzerVerification.AssertCall.IndirectCall
   100.00% | ElixirAnalyzer.Support.AnalyzerVerification.AssertCall.ModuleTracking
   100.00% | ElixirAnalyzer.Support.AnalyzerVerification.AssertCall.MultipleClauseFunctions
   100.00% | ElixirAnalyzer.Support.AnalyzerVerification.AssertNoCall
   100.00% | ElixirAnalyzer.Support.AnalyzerVerification.CheckSource
   100.00% | ElixirAnalyzer.Support.AnalyzerVerification.CommentOrder
   100.00% | ElixirAnalyzer.Support.AnalyzerVerification.Feature
   100.00% | ElixirAnalyzer.Support.AnalyzerVerification.Feature.BlockEndsWith
   100.00% | ElixirAnalyzer.Support.AnalyzerVerification.Feature.BlockIncludes
   100.00% | ElixirAnalyzer.Support.AnalyzerVerification.Feature.Pipes
   100.00% | ElixirAnalyzer.Support.AnalyzerVerification.Feature.StringInterpolation
   100.00% | ElixirAnalyzer.Support.AnalyzerVerification.SuppressIf
   100.00% | ElixirAnalyzer.Support.Constants
   100.00% | ElixirAnalyzer.TestSuite.Accumulate
   100.00% | ElixirAnalyzer.TestSuite.BirdCount
   100.00% | ElixirAnalyzer.TestSuite.BoutiqueInventory
   100.00% | ElixirAnalyzer.TestSuite.BoutiqueSuggestions
   100.00% | ElixirAnalyzer.TestSuite.CaptainsLog
   100.00% | ElixirAnalyzer.TestSuite.Chessboard
   100.00% | ElixirAnalyzer.TestSuite.Default
   100.00% | ElixirAnalyzer.TestSuite.FileSniffer
   100.00% | ElixirAnalyzer.TestSuite.FreelancerRates
   100.00% | ElixirAnalyzer.TestSuite.GermanSysadmin
   100.00% | ElixirAnalyzer.TestSuite.GuessingGame
   100.00% | ElixirAnalyzer.TestSuite.HighSchoolSweetheart
   100.00% | ElixirAnalyzer.TestSuite.HighScore
   100.00% | ElixirAnalyzer.TestSuite.LanguageList
   100.00% | ElixirAnalyzer.TestSuite.Lasagna
   100.00% | ElixirAnalyzer.TestSuite.Leap
   100.00% | ElixirAnalyzer.TestSuite.LibraryFees
   100.00% | ElixirAnalyzer.TestSuite.ListOps
   100.00% | ElixirAnalyzer.TestSuite.LogLevel
   100.00% | ElixirAnalyzer.TestSuite.NameBadge
   100.00% | ElixirAnalyzer.TestSuite.NeedForSpeed
   100.00% | ElixirAnalyzer.TestSuite.NewPassport
   100.00% | ElixirAnalyzer.TestSuite.Newsletter
   100.00% | ElixirAnalyzer.TestSuite.PacmanRules
   100.00% | ElixirAnalyzer.TestSuite.RpgCharacterSheet
   100.00% | ElixirAnalyzer.TestSuite.RpnCalculatorInspection
   100.00% | ElixirAnalyzer.TestSuite.RpnCalculatorOutput
   100.00% | ElixirAnalyzer.TestSuite.SquareRoot
   100.00% | ElixirAnalyzer.TestSuite.Strain
   100.00% | ElixirAnalyzer.TestSuite.TakeANumber
   100.00% | ElixirAnalyzer.TestSuite.TopSecret
   100.00% | ElixirAnalyzer.TestSuite.TwoFer
   100.00% | ElixirAnalyzer.TestSuite.WineCellar
-----------|--------------------------
    84.43% | Total