Skip to content

Conversation

jimmyjames
Copy link
Contributor

@jimmyjames jimmyjames commented Oct 6, 2025

Fix up build and dependabot ignores to enable dependabot version bumps

Description

What problem is being solved?

Dependabot PRs are failing due to:

  • Attempting to update dependencies to new major versions that require java 17 (junit 6, spotless plugin v8)
  • Updating Jackson dependency version, and annotations dependency has different version schematics

How is it being solved?

  • Update dependabot.yaml ignores
  • Use Jackson BOM

What changes are made to solve it?

See above or the file diffs. Using the jackson bom will allow it to resolve without needing to specify versions for each or having issues if their versioning scheme changes.

References

#230

Review Checklist

  • I have clicked on "allow edits by maintainers".
  • I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
  • The correct base branch is being used, if not main
  • I have added tests to validate that the change in functionality is working as expected

Summary by CodeRabbit

  • Chores
    • Updated dependency management to use centralized BOMs, improving consistency across Jackson and OpenTelemetry libraries.
    • Refined automated dependency update settings to better align with project requirements and reduce unnecessary updates.
    • Applied the same configuration improvements across the main project and example modules.
  • Notes
    • No user-facing feature changes.
    • Expect improved build stability and more predictable dependency updates.

@jimmyjames jimmyjames requested a review from a team as a code owner October 6, 2025 20:21
Copy link
Contributor

coderabbitai bot commented Oct 6, 2025

Walkthrough

Updates Dependabot config across three ecosystems to rename the Spotless dependency key and add a JUnit Jupiter ignore rule. Refactors Gradle dependencies to use Jackson and OpenTelemetry BOMs, replacing versioned Jackson modules with BOM-managed, unversioned entries, including test/integration configurations.

Changes

Cohort / File(s) Summary
Dependabot config updates
`.github/dependabot.yaml`
Renames dependency-name from "com.diffplug.spotless:spotless-plugin-gradle" to "com.diffplug.spotless" in three update blocks; adds ignore for "org.junit.jupiter:junit-jupiter" versions ">=6.0.0"; applies identically to "/", "/examples/basic-examples", and "/examples/opentelemetry" ecosystems.
Gradle dependency management (BOM adoption)
`build.gradle`
Introduces Jackson BOM and replaces explicit Jackson versions with unversioned modules under the BOM (core, annotations, databind, datatype-jsr310). Adds OpenTelemetry BOM and aligns opentelemetry-api. Mirrors Jackson BOM usage in test/integration suites.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

Suggested reviewers

  • rhamzeh

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title succinctly summarizes the two primary changes in this pull request—switching to the Jackson BOM and updating Dependabot ignore rules—which directly reflects the modifications made to the build configuration and dependabot.yaml as described in the PR objectives. It is concise, clear, and uses standard commit message conventions without extraneous detail.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch chore/jackson-bom-and-fix-dependabot-ignores

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e0d68d1 and 5730e5f.

📒 Files selected for processing (2)
  • .github/dependabot.yaml (3 hunks)
  • build.gradle (2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Analyze (java)

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov-commenter
Copy link

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 35.19%. Comparing base (e0d68d1) to head (5730e5f).

❌ Your project status has failed because the head coverage (35.19%) is below the target coverage (80.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files
@@            Coverage Diff            @@
##               main     #231   +/-   ##
=========================================
  Coverage     35.19%   35.19%           
  Complexity     1071     1071           
=========================================
  Files           187      187           
  Lines          7087     7087           
  Branches        803      803           
=========================================
  Hits           2494     2494           
  Misses         4483     4483           
  Partials        110      110           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@jimmyjames jimmyjames enabled auto-merge October 6, 2025 20:52
@jimmyjames jimmyjames added this pull request to the merge queue Oct 6, 2025
Merged via the queue into main with commit 23da547 Oct 6, 2025
25 checks passed
@jimmyjames jimmyjames deleted the chore/jackson-bom-and-fix-dependabot-ignores branch October 6, 2025 20:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants