Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configure automation for dependency updates #4648

Merged
merged 2 commits into from
Sep 12, 2023
Merged

Configure automation for dependency updates #4648

merged 2 commits into from
Sep 12, 2023

Conversation

ferrarimarco
Copy link
Collaborator

@ferrarimarco ferrarimarco commented Sep 12, 2023
edited
Loading

Fixes #4647

Proposed Changes

Automate some of the dependency updates that Dependabot produces by automatically merging and approving:

  • Patch updates
  • Any updates to the actions/checkout action
  • Any updates to the docker/setup-buildx-action action
  • Any updates to the docker/metadata-action action

We can add more over time as we see fit by adding more conditions. To build new conditions, we can look at the metadata that Dependabot adds to commits. Example:

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Readiness Checklist

Author/Contributor

  • If documentation is needed for this change, has that been included in this pull request

Reviewing Maintainer

  • Label as breaking if this is a large fundamental change
  • Label as either automation, bug, documentation, enhancement, infrastructure, or performance

@ferrarimarco ferrarimarco added infrastructure related to project structure and maintenance automation related to helping the project operate more efficiently O: backlog 🤖 Backlog, stale ignores this label labels Sep 12, 2023
@ferrarimarco ferrarimarco self-assigned this Sep 12, 2023
@ferrarimarco ferrarimarco mentioned this pull request Sep 12, 2023
Closed
zkoppert
zkoppert approved these changes Sep 12, 2023
View reviewed changes
Copy link
Contributor

@zkoppert zkoppert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great! I'm interested to see how it works if the CI jobs fail. Hopefully it isn't able to bypass that.

@ferrarimarco ferrarimarco added this pull request to the merge queue Sep 12, 2023
@ferrarimarco
Copy link
Collaborator Author

It will not merge it because the PR with failing jobs will be removed from the merge queue.

Merged via the queue into main with commit 4847ddc Sep 12, 2023
3 checks passed
@ferrarimarco ferrarimarco deleted the automate-dependabot branch September 12, 2023 19:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zkoppert zkoppert zkoppert approved these changes

@admiralAwkbar admiralAwkbar Awaiting requested review from admiralAwkbar

@lindluni lindluni Awaiting requested review from lindluni

@nemchik nemchik Awaiting requested review from nemchik

@Hanse00 Hanse00 Awaiting requested review from Hanse00 Hanse00 is a code owner

@GaboFDC GaboFDC Awaiting requested review from GaboFDC

Assignees

@ferrarimarco ferrarimarco

Labels
automation related to helping the project operate more efficiently infrastructure related to project structure and maintenance O: backlog 🤖 Backlog, stale ignores this label
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Automate some dependency updates
2 participants
@ferrarimarco @zkoppert