Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add dependabot #1051

Merged
merged 4 commits into from
Sep 28, 2023
Merged

Add dependabot #1051

merged 4 commits into from
Sep 28, 2023

Conversation

inancgumus
Copy link
Member

@inancgumus inancgumus commented Sep 27, 2023

What?

Adds Github dependabot for our repository.

Why?

To keep our dependencies up to date, like k6-core, CDP proto, etc.

We usually do this manually, which can be a hassle and causes our dependencies go stale:

Checklist

  • I have performed a self-review of my code
  • I have added tests for my changes
  • I have commented on my code, particularly in hard-to-understand areas

@inancgumus inancgumus added ci dx developer experience labels Sep 27, 2023
@inancgumus inancgumus self-assigned this Sep 27, 2023
@inancgumus inancgumus marked this pull request as ready for review September 27, 2023 10:25
@inancgumus inancgumus requested review from ankur22 and ka3de September 27, 2023 10:25
ankur22
ankur22 previously approved these changes Sep 27, 2023
Copy link
Collaborator

@ankur22 ankur22 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like a good idea.

My only thought around this is that we shouldn't update before k6 unless there's a good reason to do so (blocking us due to a bug in a dependency etc).

.github/dependabot.yml Show resolved Hide resolved
@inancgumus
Copy link
Member Author

inancgumus commented Sep 27, 2023

Seems like a good idea.

Thanks, @ankur22 😊

My only thought around this is that we shouldn't update before k6 unless there's a good reason to do so (blocking us due to a bug in a dependency, etc.).

No worries. The bot only makes PRs, and we can decide whether to merge them. It has a UI that we can talk to using Github comments. So, we can include or exclude some of the dependencies per PR.

@inancgumus
Copy link
Member Author

@ankur22 I made some changes because the configuration syntax was incorrect.

ankur22
ankur22 previously approved these changes Sep 27, 2023
Copy link
Collaborator

@ankur22 ankur22 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀

Copy link
Collaborator

@ankur22 ankur22 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀

Copy link
Collaborator

@ka3de ka3de left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👏

@inancgumus inancgumus merged commit 89bb1fb into main Sep 28, 2023
12 checks passed
@inancgumus inancgumus deleted the add/dependabot branch September 28, 2023 07:38
@inancgumus inancgumus removed the dx developer experience label Oct 6, 2023
@inancgumus inancgumus added the productivity Issues and PRs that improve our productivity label Oct 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ci productivity Issues and PRs that improve our productivity
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants