Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add github action to check if OAF is Up to Date #443

Merged
merged 1 commit into from
Sep 24, 2024

Conversation

Coperh
Copy link
Contributor

@Coperh Coperh commented Sep 3, 2024

@Coperh Coperh force-pushed the feature/dependabot-autoupdate branch from 31c27d7 to 8c66769 Compare September 3, 2024 14:27
@Coperh
Copy link
Contributor Author

Coperh commented Sep 3, 2024

Can see the PRs it makes here: https://github.com/Coperh/objects-api/pulls

(have it set to 2 PRs since one was queued forever

@annashamray
Copy link
Collaborator

Let's discuss it

I see the created PR for python dependencies updates libraries which are included in open-api-framework
If we implement this we fill loose the reason why OAF was created
I think we can implement this dependabot auto-update in OAF itself, and then just update OAF version in the APIs
Is it possible to make dependabot monitoring only OAF new versions?

@alextreme @joeribekker what do you think?

@joeribekker
Copy link
Member

I see the created PR for python dependencies updates libraries which are included in open-api-framework
If we implement this we fill loose the reason why OAF was created
I think we can implement this dependabot auto-update in OAF itself, and then just update OAF version in the APIs

I see your point and I largely agree. Although registrations have some deps that are outside the OAF scope and also require updating in these components. Best solution would be to place the OAF-deps out of scope (but thats probably not possible) and let that be handled in the OAF-repo.

I'm still interested to see the effects. Dependabot could update OAF and conclude that because OAF was updated, other libraries are then also updated and dont need individual updating.

Is it possible to make dependabot monitoring only OAF new versions?

No clue but @Coperh can probably answer that.

@Coperh
Copy link
Contributor Author

Coperh commented Sep 4, 2024

@annashamray You can allow dependabot to only update certain libraries:

allow:
- dependency-name: "open-api-framework"

You can do the same with exclude

@annashamray
Copy link
Collaborator

@joeribekker @Coperh
After looking and OAF dependencies and seeing that they are not pinpoint to particular version, but mostly have ">=", it feels like my previous comment is not applicable, because we can have the same OAF version but different versions of its dependencies.

So let's try using it with current implementation.

.github/dependabot.yml Outdated Show resolved Hide resolved
@annashamray
Copy link
Collaborator

@Coperh Am I correct that with the current configuration a PR like this (Coperh#2) would be created for Python dependencies?

If that's correct then I have a question. In this PR only ci.txt and dev.txt are updated, and base.txt is left out. I'm afraid that in this case the next time we use pip-compile all these updated would be overwritten

@Coperh
Copy link
Contributor Author

Coperh commented Sep 13, 2024

@annashamray

Dependabot seems very inconsistent. Sometimes its all in one PR like Coperh#13, sometimes in separate PRs

It does not really work with the current structure since dev.txt does not inherit from base

@Coperh Coperh force-pushed the feature/dependabot-autoupdate branch from 8c66769 to 21c1686 Compare September 17, 2024 11:27
@Coperh Coperh requested a review from annashamray September 17, 2024 11:27
@Coperh
Copy link
Contributor Author

Coperh commented Sep 17, 2024

@annashamray Completely changed it to an action that checks if compile-dependencies changes anything.

I think I can remove the --exit-code and create a PR with the changes as well, but I have not looked fully into it.

@Coperh
Copy link
Contributor Author

Coperh commented Sep 17, 2024

Copy link
Collaborator

@annashamray annashamray left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please rename the PR, because it's not about dependabot anymore?

@Coperh Coperh changed the title 👷 add dependabot auto-update Add github action to check if OAF is Up to Date Sep 23, 2024
@Coperh Coperh merged commit 9de79f1 into master Sep 24, 2024
14 checks passed
@Coperh Coperh deleted the feature/dependabot-autoupdate branch September 24, 2024 07:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Script to check if all components use the latest OAf
4 participants