Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

poetryとdependabotの共存実験メモ #1

Closed
ababa831 opened this issue Dec 22, 2021 · 8 comments
Closed

poetryとdependabotの共存実験メモ #1

ababa831 opened this issue Dec 22, 2021 · 8 comments

Comments

@ababa831
Copy link
Owner

ababa831 commented Dec 22, 2021
edited
Loading

概要

  • poetryで管理している各種依存関係のマニフェスト的なもの(pyproject.tomlかな?)に対して,dependabotがモニタして更新PRを投げる
  • PRに対してCIを走らせる
    • 差分が出ているマニフェストに対して仮想環境を構築してinstall
    • installした仮想環境でMLの各種コードのテスト

↑がすべてPassすればとりあえずMLコードが動くかどうかという部分の品質はOK

本issueで作業内容を追記していく

参考

https://qiita.com/t-okibayashi/items/0ed33ff9c34c50e1582c

https://docs.github.com/ja/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/about-dependabot-version-updates
@ababa831
Copy link
Owner Author

リポジトリでdependabotを有効化

Insights>Dependencygraph>Dependabot
github-dependabot-2021_insight-1

@ababa831
Copy link
Owner Author

ababa831 commented Dec 22, 2021
edited
Loading

recursivelyで拾えないのか

dependabot/dependabot-core#3951

version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/src/*"
    schedule:
      interval: "daily"
      time: "02:00"

↑こんな感じでsrc以下をすべて走査させたい

@ababa831 ababa831 mentioned this issue Dec 23, 2021
Merged
@ababa831
Copy link
Owner Author

ababa831 commented Dec 23, 2021
edited
Loading

CI作成&dependabot仕込んだ
ちゃんとpyproject.tomlとpoetry.lockをトラッキングしている

dependabot_tracking

PRも想定通り作成

https://github.com/ababa831/demo_poetry_with_dependabot/pull/3/files

@ababa831 ababa831 mentioned this issue Dec 23, 2021
Merged
@ababa831
Copy link
Owner Author

ababa831 commented Dec 23, 2021
edited
Loading

CI 依存関係の自動解消ERROR確認
→依存関係問題発生したときの挙動としては期待通り
poetry_dependencies_test

@ababa831
Copy link
Owner Author

pytestまで 通ったときの挙動
poetry_dependencies_test_passed

@ababa831
Copy link
Owner Author

参考

https://zenn.dev/nasubita/articles/81676e51b150dc
https://zenn.dev/nasubita/articles/81676e51b150dc

@ababa831
Copy link
Owner Author

ababa831 commented Jan 6, 2022

#12

Push時にCI走ることを確認

dependabot_pr_w_ci
dependency_check

@ababa831
Copy link
Owner Author

ababa831 commented Jan 6, 2022

ほしい機能要件を満たしていることを確認したのでClose

@ababa831 ababa831 closed this as completed Jan 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ababa831