Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clean up Open PRs #1626

Closed
9 tasks done
ryanfchase opened this issue Nov 19, 2023 · 13 comments
Closed
9 tasks done

Clean up Open PRs #1626

ryanfchase opened this issue Nov 19, 2023 · 13 comments
Assignees
Labels
Feature: GitHub Board/Onboarding Anything to do with team onboarding Role: Frontend React front end work Size: 1pt Can be done in 6 hours

Comments

@ryanfchase
Copy link
Member

ryanfchase commented Nov 19, 2023

Overview

We have a long list of PRs that likely aren't being used anymore. We'll use this ticket to list, review, and handle each of those PRs.

Action Items: Please review these lists

PRs by Author

PRs which affect archived directories (e.g. server)

Generally Outdated

@ryanfchase ryanfchase added Role: Frontend React front end work Size: 1pt Can be done in 6 hours Role: Product Management Feature: GitHub Board/Onboarding Anything to do with team onboarding labels Nov 19, 2023
@ryanfchase ryanfchase added this to the 03 - Project Management milestone Nov 19, 2023
@Skydodle
Copy link
Member

Skydodle commented Dec 8, 2023

Regarding dependabot PRs:

I’ve had small experience with dependabots on my personal projects. It basically scans the repository periodically to see if there are dependencies that can be updated without breaking the app, which help with closing security vulnerabilities from outdated packages.
It’s generally safe to trust the ones that has a check mark (which means it built with the updated dependency and passed the build test without conflict).

The only ones we would have to investigate manually are the ones with x marks that failed the build tests. But dependabots usually provide pretty good logs for one to investigate and fix. The failed reason varies. The one I experienced was an npm package that was super outdated and no longer supported/maintained.

@Skydodle
Copy link
Member

Skydodle commented Dec 8, 2023

But also my experience is based on personal projects, which are relatively small compare to real world projects. I've read some devs pointed out that as the app grow larger the dependencybot conflicts would also increase since the number of dependencies would also most likely be growing. And also it would be catching stuff that we forgot to write tests for.

Another suggestion is to just ignore them and keep all dependencies on current version so we can focus on other things. I would even delete those current dependabot PRs (since those PRs suggested dep versions maybe outdated later on). Then when we are ready to launch or scale, run the dependencybot and spend time dealing with them all at once. Not sure if this is for the best though.

@ryanfchase
Copy link
Member Author

ryanfchase commented Dec 8, 2023

@Skydodle thanks.

There are 36 dependabot open PRs, and maybe 2/3s have green checkmarks. In lieu of having a test framework, it may be prudent to go through each one and test that it doesn't break the map. It will take longer, but we don't have a better way of confirming that it was a non-breaking change.

Alternatively, one could go and, on their own branch, implement the code change from each of the green checkmark dependabot PRs. This person would then test them all at once, and see if the map works as expected. If not, we'd have to go through and weed out the bad change.

Thoughts?

edit: I could be convinced that this is too much work, if green-checkmarks are pretty trustworthy. We could then use the above strategy for the questionable dependabot PRs.

@Skydodle
Copy link
Member

Skydodle commented Dec 8, 2023

I could dig in to see if Github has any guidelines on testing all the dependabot changes on a target branch before just trusting them and merge to main. I can work on that.

@ryanfchase
Copy link
Member Author

Thank you @Skydodle - I've moved the ticket to Prioritized Backlog. Please assign yourself when you begin working, partial investigative info is still useful. Feel free to do as much as you can and report your findings and unassign.

@Skydodle Skydodle self-assigned this Dec 8, 2023
@Skydodle
Copy link
Member

Skydodle commented Dec 8, 2023

Thanks @ryanfchase I will work on it in the next few days and post findings.

@Skydodle
Copy link
Member

@ryanfchase can you/ someone open a sub- issue specifically for dealing with the current dependabots PRs?

I have some findings for short-term and long-term solution, and I want to post them under this new sub-issue for discussion. I don't want to clog up this current issue's board, as clearing the dependabot PRs is just one of many sub-stasks of this issue.

Let me know what you think.

@ryanfchase
Copy link
Member Author

ryanfchase commented Dec 13, 2023

@Skydodle I've opened a new issue here: #1641

We'll move the issue to Prioritized Backlog once you're satisfied with the strategy there. Please unassign yourself from this ticket and move it back to Prioritized Backlog (since you're soon to contribute to 1641). Also, feel free to open new issues on your own via the Blank Issue template. Assign to myself / @edwinjue for us to approve the issue.

@Skydodle Skydodle removed their assignment Dec 20, 2023
@Skydodle Skydodle self-assigned this Jan 23, 2024
@Skydodle
Copy link
Member

Skydodle commented Jan 23, 2024

@edwinjue @ryanfchase I reviewed the remaning PRs listed in this issue (except the README one), all of them were requested to merge with the dev branch, and therefore has no effect on the current working branch main whether we merge them or not. Also these were very old change requests (late 2021 to early 2023) pertaining to the previous repo before we switch to front-end only.

My suggestion is to close them without merge since they have no effect on the current working repo. Please kindly advise if I'm good to proceed.

List of the proposed PRs to be closed without merge Screenshot 2024-01-23 at 9 17 47 PM

@ryanfchase
Copy link
Member Author

Thank you @Skydodle -- we're good to close the PRs without merge! Thank you for reviewing them.

@Skydodle
Copy link
Member

Skydodle commented Jan 24, 2024

@edwinjue @ryanfchase

This is entire issue is ready to be closed, please kindly review the details below:

  • I've closed out the outdated PRs listed in my previous comment
  • Moved on to review the 3 README PRs & took action as below:

Side-note:

  • The README overall still has some outdated information and needs to be consider for future tickets.

Let me know if I'm good to proceed and close this issue. Thank you =)

@ryanfchase
Copy link
Member Author

ryanfchase commented Jan 24, 2024

Looking great @Skydodle -- this issue is good to close (moved to In Review while I was reviewing. Closing will move to Done)

@Skydodle
Copy link
Member

@ryanfchase Thank you clarifying the review & closing workflow!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Feature: GitHub Board/Onboarding Anything to do with team onboarding Role: Frontend React front end work Size: 1pt Can be done in 6 hours
Projects
Development

No branches or pull requests

2 participants