Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lerna support #197

Merged
merged 6 commits into from
Jul 10, 2018
Merged

Lerna support #197

merged 6 commits into from
Jul 10, 2018

Conversation

greysteil
Copy link
Contributor

@greysteil greysteil commented Dec 26, 2017
edited
Loading

Currently, Dependabot supports monorepos that use Yarn workspaces, and those that add Dependabot manually for each package. This PR is intended to improve monorepo support further by using the information in a lerna.json file to automatically update all package.json and lockfile files in a monorepo at once. (I.e., it extends the current behaviour we use for Yarn workspaces to work for repos with a lerna.json file.)

TODO:

  • Fetch lockfiles as well as package.json files
  • Update FileParser to handle multiple packages at once
  • Update UpdateChecker to handle multiple packages at once (this should just work)
  • Update FileUpdater to handle multiple packages at once

@greysteil greysteil changed the title [WIP] Lerna supports [WIP] Lerna support Dec 26, 2017
@shoota shoota mentioned this pull request Jan 18, 2018
Merged
3 tasks
@greysteil greysteil self-assigned this Feb 21, 2018
@greysteil greysteil force-pushed the master branch 5 times, most recently from a50396c to dd3c6e4 Compare April 1, 2018 22:53
@greysteil greysteil mentioned this pull request Apr 27, 2018
Closed
@greysteil greysteil force-pushed the master branch 6 times, most recently from 36145bf to a9e667c Compare June 22, 2018 13:17
@greysteil greysteil force-pushed the lerna-support branch 2 times, most recently from 9b41524 to 91edd2c Compare July 10, 2018 15:50
@imhoffd
Copy link

imhoffd commented Jul 10, 2018

@greysteil Does this build on an underlying grouping mechanism that would be used in https://github.com/dependabot/feedback/issues/5? 😄

@greysteil
Copy link
Contributor Author

@dwieeb - sadly not - that's going to be a separate job. This just reads a lerna.json and figures out which additional files to pull down and update. Been meaning to get it finished for ages!

@imhoffd
Copy link

imhoffd commented Jul 10, 2018

I'm excited for lerna support regardless! 🎉

@greysteil greysteil changed the title [WIP] Lerna support Lerna support Jul 10, 2018
@greysteil greysteil merged commit 5748744 into master Jul 10, 2018
@greysteil greysteil deleted the lerna-support branch July 10, 2018 23:06
@greysteil
Copy link
Contributor Author

greysteil commented Jul 11, 2018
edited
Loading

Deployed, and working well in testing. @dwieeb - if you give it a go let me know. If you add Dependabot at the root of a repo with Lerna it will automatically detect all of the package.json files (and any lockfiles) and create PRs that bump all of them at once (for a given dependency).

@imhoffd
Copy link

imhoffd commented Nov 8, 2018

@greysteil Sorry for taking forever to get back to you. It seems to be working well, although I think globbing may be slightly inaccurate. (let me know if I should create an issue instead)

Take a look at the integration in https://github.com/ionic-team/ionic-cli

We use the following config for our lerna packages:

  "packages": [
    "packages/**"
  ],

lerna ls:

@ionic/cli-framework  v1.3.0
@ionic/discover       v1.0.7
@ionic/lab           v1.0.13
@ionic/utils-fs       v0.0.4
@ionic/utils-network  v0.0.4
@ionic/v1-toolkit    v1.0.12
cli-scripts          v0.0.22 (private)
ionic                 v4.3.1

But the dependabot language at the root of the repo only lists the packages as if the glob were packages/*:

image

@imhoffd imhoffd mentioned this pull request Nov 26, 2018
Closed
@johanneswuerbach johanneswuerbach mentioned this pull request Nov 1, 2022
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@greysteil greysteil

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@greysteil @imhoffd