Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: dependabot workflow automation for updating dependency #2154

Merged
merged 1 commit into from
Oct 29, 2022

Conversation

Rajpratik71
Copy link
Contributor

Description

Dependabot workflow automation for updating dependency

Closes #2151

  • Relevant Issues : Update Github actions node version to 16 #2151
  • Relevant PRs : (optional)
  • Type of change :
    • New feature
    • Bug fix for existing feature
    • Code quality improvement
    • Addition or Improvement of tests
    • Addition or Improvement of documentation

@ptrthomas
Copy link
Member

@Rajpratik71 I'm sorry can you explain what this is about ? this is not clear at all

@ptrthomas
Copy link
Member

@Rajpratik71 okay, I think I get it a little bit. I'm personally not in favor of commits by bots, so for now - if you can just upgrade manually the versions needed, that will be very much preferred. or if you have some other suggestions

@Rajpratik71
Copy link
Contributor Author

Manual control of dependency is fine but with a growing no. of distributed upstream dependencies, it becomes hard to manage. So, for that automation should be there to update dependencies. Further, CI Pipeline is there to test those changes.

Further, this will not update the dependencies automatically, instead, a PR will be opened with changes that can be reviewed and tested with CI.

@ptrthomas ptrthomas merged commit 6b1b813 into karatelabs:develop Oct 29, 2022
@ptrthomas
Copy link
Member

@Rajpratik71 makes sense ! merged

@joelpramos
Copy link
Contributor

I think you might want to use the target-branch property to target PRs to the develop branch. https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#target-branch

@joelpramos
Copy link
Contributor

Alternatively you can consider patch releases against master just for dependency updates and continue on develop for minor releases. Might need to automate merges from master into develop.

@Rajpratik71
Copy link
Contributor Author

Alternatively you can consider patch releases against master just for dependency updates and continue on develop for minor releases. Might need to automate merges from master into develop.

Right @joelpramos , this approach make sense, as might have to patch master , while continue developing on develop.

And further, have to rebase develop from master.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants