Skip to content

[ci] Disable dependabot PRs#11072

Merged
areusch merged 1 commit intoapache:mainfrom
driazati:dps
May 12, 2022
Merged

[ci] Disable dependabot PRs#11072
areusch merged 1 commit intoapache:mainfrom
driazati:dps

Conversation

@driazati
Copy link
Member

@driazati driazati commented Apr 20, 2022
edited by github-actions bot
Loading

A bunch of these just got created (e.g. #11070) and are clogging up CI with 2x normal number of builds since they push to a branch and make a PR.

cc @Mousius @areusch

@driazati driazati marked this pull request as ready for review April 20, 2022 18:55
@github-actions github-actions bot requested a review from areusch April 20, 2022 18:56
@kparzysz-quic
Copy link
Contributor

kparzysz-quic commented Apr 21, 2022

These are security updates. I think we should at least consider keeping this bot. There are many new PRs opened because we've fallen behind on security-related updates.

@driazati
Copy link
Member Author

driazati commented Apr 21, 2022

Dependabot in principle is good but the PR workflow it uses isn’t great for us (it swarms CI with a bunch of jobs since each update spawns 2 CI jobs, one for the PR and another for the in-repo branch). I think it’d be better to use the alerts and do the updates ourselves: https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts

@driazati
[ci] Disable dependabot PRs
62d8fa0 
A bunch of these just got created (e.g. #11070) and are clogging up CI with 2x normal number of builds since they push to a branch and make a PR.
@github-actions
Copy link
Contributor

github-actions bot commented May 4, 2022

It has been a while since this PR was updated, @areusch please leave a review or address the outstanding comments. @driazati if this PR is still a work in progress, please convert it to a draft until it is ready for review.

@driazati driazati marked this pull request as draft May 9, 2022 17:10
@areusch
Copy link
Contributor

areusch commented May 11, 2022

@kparzysz-quic i do think it would be good to avoid excessive CI load from dependabot. Also, I'm not sure it will know how to work with gen_reqiurements...we'll likely need to adopt a reqiurements.txt style for specifying our deps. maybe we could revisit the PRs when we do that?

@kparzysz-quic
Copy link
Contributor

kparzysz-quic commented May 11, 2022

Sure, I'm ok with disabling it.

@driazati driazati marked this pull request as ready for review May 11, 2022 18:28
@areusch areusch merged commit 3d05362 into apache:main May 12, 2022
mehrdadh pushed a commit to mehrdadh/tvm that referenced this pull request May 16, 2022
@driazati @mehrdadh
[ci] Disable dependabot PRs (apache#11072)
e05d83e 
A bunch of these just got created (e.g. apache#11070) and are clogging up CI with 2x normal number of builds since they push to a branch and make a PR.

Co-authored-by: driazati <driazati@users.noreply.github.com>
shtinsa pushed a commit to Deelvin/tvm that referenced this pull request May 17, 2022
@driazati
[ci] Disable dependabot PRs (apache#11072)
416d397 
A bunch of these just got created (e.g. apache#11070) and are clogging up CI with 2x normal number of builds since they push to a branch and make a PR.

Co-authored-by: driazati <driazati@users.noreply.github.com>
shingjan pushed a commit to shingjan/tvm that referenced this pull request May 17, 2022
@driazati
[ci] Disable dependabot PRs (apache#11072)
cc2bbf8 
A bunch of these just got created (e.g. apache#11070) and are clogging up CI with 2x normal number of builds since they push to a branch and make a PR.

Co-authored-by: driazati <driazati@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@areusch areusch areusch approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@driazati @kparzysz-quic @areusch