Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auto-approve Dependabot PRs #9666

Closed
wants to merge 1 commit into from
Closed

Auto-approve Dependabot PRs #9666

wants to merge 1 commit into from

Conversation

peterbecich
Copy link
Member

Template Β: This PR does not modify cabal behaviour (documentation, tests, refactoring, etc.)

Include the following checklist in your PR:

Suggestion to auto-approve Dependabot PRs

Copied from:
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#approve-a-pull-request

This works fine in hackage-server: haskell/hackage-server#1289

This will not auto-merge Dependabot PRs; that's documented here: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request

@peterbecich peterbecich changed the title auto-approve Dependabot PRs Auto-approve Dependabot PRs Jan 28, 2024
geekosaur
geekosaur approved these changes Jan 28, 2024
View reviewed changes
Copy link
Collaborator

@geekosaur geekosaur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does not constitute administrative approval; I'd rather leave that to someone else.

@ulysses4ever
Copy link
Collaborator

As simple as it looks like on the surface, it's not entirely clear that we want to auto-approve all Dependabot suggestions. Consider discussion on #8807 for example

Mikolaj
Mikolaj requested changes Feb 1, 2024
View reviewed changes
Copy link
Member

@Mikolaj Mikolaj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's discuss more before we merge this.

@Kleidukos
Copy link
Member

Any chance GHA definitions can exclude paths, like the requirements.txt?

@ffaf1
Copy link
Collaborator

ffaf1 commented Feb 1, 2024

I see some convenience in this, but there are risks (breaking stuff by auto mis-approvals, more stuff that breaks in CI). I don’t think the former is worth the latter.

@geekosaur
Copy link
Collaborator

For what it's worth, xmonad regularly sees CI breakage from dependabot updates because Haskell-CI hasn't caught up with it yet or because it's not compatible with older platforms we test on. (See for example xmonad/xmonad#491 (comment).)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mikolaj Mikolaj Mikolaj requested changes

@geekosaur geekosaur geekosaur approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@peterbecich @ulysses4ever @Kleidukos @ffaf1 @geekosaur @Mikolaj