Dependency bots (Dependabot/Renovate) don't work well #968

Open
krzema12 opened this issue Sep 9, 2023 · 2 comments
Labels
problem Not really a bug, but something isn't right.

Comments

krzema12 commented Sep 9, 2023

If the bot opens a PR that e.g. bumps some action's version from v3 to v4, it will happen only in the YAML, not in the Kotlin script that is actually the source of truth for the workflows.

To adjust the version in the Kotlin script as well, several things have to happen:

  1. github-workflows-kt has to support the new version. It now lags up to 2 weeks after a new major version is released.
  2. There has to be a mechanism that understands Kotlin script and the library, and knows what to change to update the action.
  3. CI has to check consistency between the YAML and the Kotlin script.

#941 will likely solve the first item. The CI check is also possible to add.

@krzema12 krzema12 added the problem Not really a bug, but something isn't right. label Sep 9, 2023
krzema12 commented Sep 9, 2023

I can imagine a GitHub action that one could configure to trigger for each Dependabot/Renovate PR. It would analyze the PR, check which actions are updated, and push another commit that makes the same updates in the Kotlin scripts.
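The first half of the idea described above (work out which actions a bot PR bumped, and whether the Kotlin script was left behind) can be sketched as follows; this is an added example, not code from the issue or from github-workflows-kt. It assumes each workflow `name.yaml` has a sibling script `name.main.kts` in the same directory, the function names and the sample diff are constructed for illustration, and it only detects that the script was not touched, not that it carries the same version.

```python
import re

# A changed "uses:" line in a unified diff, e.g. "-      - uses: actions/checkout@v3"
USES = re.compile(r"^([+-])\s*(?:-\s*)?uses:\s*['\"]?([^@\s'\"]+)@([^\s'\"#]+)")
FILE = re.compile(r"^\+\+\+ b/(.+)$")

# Constructed sample: a bot PR that edits only the generated YAML.
SAMPLE_DIFF = """\
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -10,7 +10,7 @@ jobs:
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-java@v3
"""

def action_bumps(diff_text):
    """Return ({(file, action): (old_ref, new_ref)}, set of changed files)."""
    changed, old, new, current = set(), {}, {}, None
    for line in diff_text.splitlines():
        m = FILE.match(line)
        if m:
            current = m.group(1)
            changed.add(current)
            continue
        m = USES.match(line)
        if m and current:
            sign, action, ref = m.groups()
            (old if sign == "-" else new)[(current, action)] = ref
    bumps = {k: (old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k]}
    return bumps, changed

def yaml_only_bumps(diff_text, script_suffix=".main.kts"):
    """Bumps whose workflow YAML changed while the sibling Kotlin script did not."""
    bumps, changed = action_bumps(diff_text)
    result = []
    for (path, action), (old_ref, new_ref) in sorted(bumps.items()):
        # Assumed naming convention: build.yaml is generated from build.main.kts
        script = re.sub(r"\.ya?ml$", script_suffix, path)
        if script not in changed:
            result.append((path, action, old_ref, new_ref))
    return result

if __name__ == "__main__":
    for path, action, old_ref, new_ref in yaml_only_bumps(SAMPLE_DIFF):
        print(f"{path}: {action} {old_ref} -> {new_ref}, Kotlin script not updated")
```

A CI job could fail the PR whenever `yaml_only_bumps` returns a non-empty list, which keeps a YAML-only bump from being merged while the source-of-truth script still names the old version.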

krzema12 commented Oct 2, 2023

This will be tackled in #941
