dependabot-dance: new tool for managing revendor PRs#7465
Conversation
|
/approve I will pull this and replace the one I have been using to try it out. |
openshift-ci-robot
added
the
approved
|
One problem I have with this is, I often go into a repo and manually do a dependabot-dance dependabot/go_modules/github.com/containers/storage-1.23.2 Which switches to each new dependabot. I always thought a good new feature would be to enhance the script to run this automatically. IE |
|
I also want to use this tool for more then just podman, I use it for storage, common, buildah, podman, skopeo ... |
|
/hold looks like I deeply misunderstood the way this is intended to be invoked. |
openshift-ci-robot
added
the
do-not-merge/hold
|
See dependabot/dependabot-core#670 for an upstream issue. |
edsantiago
force-pushed
the
dependabot_dance
branch
from
fb335a9 to
c14e74b
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: edsantiago, rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@rhatdan could you please download and try the latest copy? (It worked for me on containers/storage#720, up to the git-push, which failed because I have no privs on that repo). Usage is now: Code flow is now:
|
|
Ok I tried this out on Podman today, and it worked for two dependabots, but it also got confused by some old dependabot branches in my repo. IE I had not destroyed all of my branches after I had updated. I think if I have a clean dependabot |
|
BTW, I think this PR needs to be rebased. It should not include the APIV2 stuff? |
|
I tried to run this command on Buildah, which had no dependabots available and it pulls down an old one and fails. |
It's easy to remove the git-author check, of course; but what is the right thing to do? Is there a way to clean up the old branches? |
edsantiago
force-pushed
the
dependabot_dance
branch
2 times, most recently
from
39ccedd to
f772314
Compare
|
Rebased, and updated so the author check will issue a "Continue?" prompt |
dependabot seems to submit PRs without running 'make vendor'. This script automates (with some safety checks) the manual process for pulling the PR, running 'make vendor-in-container', and force-pushing the PR. Usage: ./contrib/dependabot-dance It should take care of identifying your github repo, finding all active dependabot branches, running the make, git-add, and commit, then git-pushing. Signed-off-by: Ed Santiago <santiago@redhat.com>
edsantiago
force-pushed
the
dependabot_dance
branch
from
f772314 to
5095a34
Compare
|
I do |
|
Actually I ran this again, and it is working pretty well. |
|
LGTM |
|
This works pretty good, so I think we merge and then fix it going forward. |
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
github-actions
Bot
added
the
locked - please file new issue/PR
6 participants
dependabot seems to submit PRs without running 'make vendor'.
This script automates (with some safety checks) the manual
process for pulling the PR, running 'make vendor-in-container',
and force-pushing the PR.
Usage: ./contrib/dependabot-dance PR-NUMBER
It should take care of identifying your github repo, pulling
the PR, running the make, git-add and commit under vendor (or,
if nothing changed, aborting), then git-pushing.
Signed-off-by: Ed Santiago santiago@redhat.com