Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding Dependabot #326

Closed
11 tasks done
Mariatta opened this issue May 26, 2019 · 20 comments
Closed
11 tasks done

Adding Dependabot #326

Mariatta opened this issue May 26, 2019 · 20 comments

Comments

@Mariatta
Copy link
Member

@Mariatta Mariatta commented May 26, 2019

I'd like to add dependabot to our projects.

  • miss-islington
  • bedevere
  • the-knights-who-say-ni
  • blurb-it
  • pythondotorg

Example PR by dependabot: python/miss-islington#232

  • Add dependabot-preview[bot] to the list of trusted users in our Heroku instance of the-knights-who-say-ni

Uninstall pyup-io:

  • miss-islington
  • bedevere
  • the-knights-who-say-ni
  • blurb-it
  • pythondotorg
@brettcannon
Copy link
Member

@brettcannon brettcannon commented May 27, 2019

SGTM

@webknjaz
Copy link
Contributor

@webknjaz webknjaz commented May 27, 2019

FTR GitHub has acquired Dependabot and they are integrating things into GitHub itself.

@Mariatta
Copy link
Member Author

@Mariatta Mariatta commented May 28, 2019

@encukou I'm having trouble removing pyup.io integration from miss-islington. When I logged in to
https://pyup.io/account/repos/github/python/miss-islington/, it says that the integration was added by you, so I couldn't remove it.

Screen Shot 2019-05-27 at 7 25 12 PM

Can you remove pyup.io integration for python/miss-islington?

Thanks

@Mariatta
Copy link
Member Author

@Mariatta Mariatta commented May 28, 2019

Strange, it is the same problem for blurb-it 🤔

Screen Shot 2019-05-27 at 7 34 24 PM

@encukou
Copy link
Member

@encukou encukou commented May 28, 2019

Hmmm. I don't remember doing that, but here we are :)
I've removed pyup.io integration from miss-islington and blurb-it.
The integration is also set up for core-workflow (added by me), bedevere and the-knights-who-say-ni (both added by @brettcannon).
Should I remove pyup.io from core-workflow as well?

@Mariatta
Copy link
Member Author

@Mariatta Mariatta commented May 29, 2019

Thanks. Hmm technically pyup.io is useless in core-workflow, there is no requirements text or anything like that. Might as well remove it

@brettcannon
Copy link
Member

@brettcannon brettcannon commented May 30, 2019

If I need to remove anything just let me know.

@Mariatta
Copy link
Member Author

@Mariatta Mariatta commented Jun 1, 2019

If I need to remove anything just let me know.

I've requested dependabot to be added to bedevere and the-knights-who-say-ni. I don't have the right permission to add it directly.
Once we've added dependabot to those repos, we can remove pyup.io

@Mariatta
Copy link
Member Author

@Mariatta Mariatta commented Jun 3, 2019

Update: I requested automerge feature from dependabot (in closed beta), and it's been enabled for Python org. 🥳

@brettcannon
Copy link
Member

@brettcannon brettcannon commented Jun 3, 2019

Yeah, turns out I don't have admin access anymore either.

@Mariatta
Copy link
Member Author

@Mariatta Mariatta commented Jun 4, 2019

@ewdurbin can you look into installing dependabot to bedevere and the-knights-who-say-ni? Thanks.

@ewdurbin
Copy link
Member

@ewdurbin ewdurbin commented Jun 6, 2019

@Mariatta I've reviewed and approved all pending installations for dependabot.

@Mariatta
Copy link
Member Author

@Mariatta Mariatta commented Jun 20, 2019

Thanks @ewdurbin. @brettcannon if you can remove pyup from bedevere and the-knights-who-say-ni, then I think this issue can be closed. Thanks.

@brettcannon
Copy link
Member

@brettcannon brettcannon commented Jun 20, 2019

@Mariatta I can't as I lack admin access.

@ewdurbin could you remove pyup from https://github.com/python/bedevere and https://github.com/python/the-knights-who-say-ni?

@ewdurbin
Copy link
Member

@ewdurbin ewdurbin commented Jun 21, 2019

Done. All I could find was web hooks configured to notify pyup. Those have been removed.

@ewdurbin ewdurbin closed this Jun 21, 2019
@Mariatta
Copy link
Member Author

@Mariatta Mariatta commented Jul 2, 2019

Seems like we still don't have dependabot in bedevere and the-knights-who-say-ni 😥
I had to manually merge the PRs from pyup.io.
python/the-knights-who-say-ni#183
python/bedevere#177

@ewdurbin
Copy link
Member

@ewdurbin ewdurbin commented Jul 2, 2019

re Dependabot: I didn't realize we needed to do anything on the Dependabot side, that's been done and initial PRs should be opened soon.

re pyup: It's not clear to me how to further disable it.

@ewdurbin
Copy link
Member

@ewdurbin ewdurbin commented Jul 2, 2019

scratch that, found those two repos in pyup.io but still can't figure out how to disable new update PRs

@Mariatta
Copy link
Member Author

@Mariatta Mariatta commented Jul 2, 2019

Thanks! I saw the incoming PRs from dependabot 🚀

@Mariatta Mariatta closed this Jul 2, 2019
@brettcannon
Copy link
Member

@brettcannon brettcannon commented Jul 2, 2019

I logged into pyup.io and removed the repos explicitly so that should take care of that. I guess as long as the integrations are removed so they don't have access and we are all good?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants