ci: Add dependabot configuration #474

Merged (1 commit) on Feb 5, 2021

@twpayne twpayne commented Feb 1, 2021

This adds Dependabot for Hubble, like cilium/cilium#14694.

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label PR is blocked until the release note is set label Feb 1, 2021
@twpayne twpayne added release-note/misc This PR makes changes that have no direct user impact. 🤖 area/CI Impacts the testing / continuous integration testing of the project. labels Feb 1, 2021
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label PR is blocked until the release note is set label Feb 1, 2021

@kaworu kaworu left a comment

Thanks for this PR @twpayne!

@tklauser tklauser left a comment

LGTM! Should we disable automatic rebasing as well (see cilium/cilium#14826)? Though, in Hubble we don't have long running Jenkins CI jobs which would be affected, but it might lead to fewer surprises compared to dependabot behaviour in cilium/cilium.

@gandro gandro left a comment

LGTM as well! I agree with Tobias that we probably don't need automatic rebase.

tklauser commented Feb 2, 2021

FYI: cilium/cilium#14837 will probably make sense to limit the number of open PRs for the Hubble repo as well to avoid merge conflicts between update PRs.

Signed-off-by: Tom Payne <tom@isovalent.com>

twpayne commented Feb 3, 2021

OK, PR updated to disable rebases and limit the number of open PRs to 1, as proposed by @tklauser.

kaworu commented Feb 5, 2021

Does this mean that dependabot can only open one PR per week? If correct, is there a scenario where it can't keep up with the dependencies update (i.e. there are more than one module update per week)?

tklauser commented Feb 5, 2021

> Does this mean that dependabot can only open one PR per week? If correct, is there a scenario where it can't keep up with the dependencies update (i.e. there are more than one module update per week)?

I don't think so. As I read the dependabot config documentation, it will check for updates once a week and then send them one by one. So there could be multiple update PRs in a week but only one open at a time. They will be updating the individual modules to the most recent version at the time of the update check, which could in the worst case be one week old.

@kaworu kaworu left a comment

@tklauser thanks for looking into this. Additionally the bits about security fixes (which was my main concern) having their separate limit is nice:

> [about open-pull-requests-limit] This option has no impact on security updates, which have a separate, internal limit of ten open pull requests.

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Feb 5, 2021
@kaworu kaworu merged commit 2bca3ae into master Feb 5, 2021
@kaworu kaworu deleted the pr/twpayne/dependabot branch February 5, 2021 08:54
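
The settings agreed in this thread, written out as a `.github/dependabot.yml`. This is an added example, not the file merged in this PR; the `gomod` ecosystem and the `/` directory are assumptions, and the option names are taken from the Dependabot configuration reference.

```yaml
# Constructed example illustrating the options discussed above.
version: 2
updates:
  - package-ecosystem: "gomod"   # assumption: Go modules
    directory: "/"               # assumption: go.mod at the repository root
    schedule:
      interval: "weekly"         # one update check per week
    # Allow only one version-update PR to be open at a time (the default is 5).
    # Per the documentation quoted above, security updates are not affected by
    # this value and have a separate, internal limit of ten open PRs.
    open-pull-requests-limit: 1
    # Do not let Dependabot rebase its open PRs automatically (the default is "auto").
    rebase-strategy: "disabled"
```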