Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Dependabot Config #11328

Merged
merged 1 commit into from
Jan 19, 2023
Merged

Add Dependabot Config #11328

merged 1 commit into from
Jan 19, 2023

Conversation

sconvent
Copy link
Contributor

What is the purpose of the change

As discussed in #11308, a Dependabot config is helpful for maintaining the project. For now, the config is set up to only suggest minor or patch version updates as its main intention is to keep up with bug and vulnerability fixes. Major version updates rarely can be automated as they usually break the build.

Brief changelog

This will add a Dependabot config with the following properties:

  • Runs every Monday at 3am eastern time
  • Will ignore major version updates
  • Never has more than 20 open PRs at any given time

Additional points

  • The above properties are a suggestion and I'm happy to discuss any changes.
  • I performed a dry-run and Dependabot will initially create a bunch of PRs (roughly 20). That will be a bit of work to go through them.
  • Unfortunately it is not possible to exclude subfolders from the scan. So it would also suggest to upgrade the Spring version in dubbo-test/dubbo-test-spring3.2/pom.xml for example although the version there is intentional. These kind of PRs would have to be fixed manually.

Verifying this change

Checklist

  • Make sure there is a GitHub_issue field for the change (usually before you start working on it). Trivial changes like typos do not require a GitHub issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue.
  • Each commit in the pull request should have a meaningful subject line and body.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Check if is necessary to patch to Dubbo 3 if you are work on Dubbo 2.7
  • Write necessary unit-test to verify your logic correction, more mock a little better when cross module dependency exist. If the new feature or significant change is committed, please remember to add sample in dubbo samples project.
  • Add some description to dubbo-website project if you are requesting to add a feature.
  • GitHub Actions works fine on your own branch.
  • If this contribution is large, please follow the Software Donation Guide.

@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

AlbumenJ
AlbumenJ approved these changes Jan 19, 2023
View reviewed changes
Copy link
Member

@AlbumenJ AlbumenJ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@AlbumenJ
Copy link
Member

Thanks for your contribution. I will merge it later.

@AlbumenJ AlbumenJ merged commit e8f742a into apache:3.2 Jan 19, 2023
@AlbumenJ AlbumenJ mentioned this pull request Jan 19, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AlbumenJ AlbumenJ AlbumenJ approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sconvent @AlbumenJ