Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove Dependabot #1423

Merged
merged 3 commits into from
Jun 23, 2022
Merged

Remove Dependabot #1423

merged 3 commits into from
Jun 23, 2022

Conversation

nathanhammond
Copy link
Contributor

@nathanhammond nathanhammond commented Jun 21, 2022
edited

Dependabot doesn't meet our needs, and should be removed from the project.

#1423 (comment)

@vercel
Copy link

vercel bot commented Jun 21, 2022

@nathanhammond is attempting to deploy a commit to the Vercel Team on Vercel.

A member of the Team first needs to authorize it.

@nathanhammond
Copy link
Contributor Author

This is being tested over in: https://github.com/nathanhammond/pnpm-dependabot

@nathanhammond nathanhammond changed the title Dependabot helper scripts. Remove Dependabot Jun 21, 2022
@nathanhammond nathanhammond added the pr: on hold Pull requests that are "on hold" and should not be merged label Jun 21, 2022
@nathanhammond
Copy link
Contributor Author

Not only is Dependabot non-ergonomic it is failing to identify lots of updates because it isn't detecting the pnpm lock file. The only way to make this play nicely is to actually get pnpm support into Dependabot, which, well, that's not a priority for us (or them).

You can see that failure happening here: https://github.com/nathanhammond/pnpm-dependabot/network/updates/396289119

Dependabot sees this as a feature, not a bug (which is fine, it'd work if Dependabot supported pnpm):
dependabot/dependabot-core#2894 (comment)

Tagging in the pnpm support issue so that others see what happened:
dependabot/dependabot-core#1736

@nathanhammond nathanhammond removed the pr: on hold Pull requests that are "on hold" and should not be merged label Jun 21, 2022
@vercel
Copy link

vercel bot commented Jun 21, 2022
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated
turbo-site ✅ Ready (Inspect) Visit Preview Jun 23, 2022 at 9:01PM (UTC)

gsoltis
gsoltis approved these changes Jun 23, 2022
View reviewed changes
Copy link
Contributor

@gsoltis gsoltis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed, pnpm being unsupported by dependabot makes dependabot not the best choice. TBD on replacement.

@kodiakhq kodiakhq bot merged commit 84f8d36 into vercel:main Jun 23, 2022
@weyert
Copy link
Contributor

weyert commented Jun 23, 2022

Renovate works alright with Pnpm (used it on Gitlab)

@nathanhammond nathanhammond deleted the dependabot-pnpm branch June 27, 2022 22:59
dutterbutter pushed a commit to dutterbutter/docs-turbo that referenced this pull request Nov 1, 2022
@nathanhammond
Remove Dependabot (#1423)
2d0459f 
Dependabot doesn't meet our needs, and should be removed from the project.

vercel/turbo#1423 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gsoltis gsoltis gsoltis approved these changes

@jaredpalmer jaredpalmer Awaiting requested review from jaredpalmer

@gaspar09 gaspar09 Awaiting requested review from gaspar09

@tknickman tknickman Awaiting requested review from tknickman

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@nathanhammond @weyert @gsoltis