refactor(workflow): dry dependabot.yml #1381

Merged
merged 1 commit into from
Aug 15, 2024


roschaefer
Contributor

Motivation

I was looking into configuration for dependabot to update the same package across multiple package.jsons and found the directories option

My goal is to update e.g. vue across all subfolders to the same version. You can check our PR list and see that the same dependency is updated separately for each folder, which is the culprit of our many dependabot PRs.

Nevertheless, even if we don't see this behaviour, it's good to DRY our configuration files.

How to test

  1. Merge this PR
  2. See if dependabot updates the same package across several directories
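
An added illustration of the refactor described above, not the project's actual `.github/dependabot.yml`: repeated per-folder update blocks collapsed into one block using the `directories` option. The folder names and the weekly schedule are hypothetical, and the two YAML documents are alternatives (before and after), not one file.

```yaml
# Constructed example: directory names and schedule are hypothetical.

# Before: one update block per package.json, identical except for the path.
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/frontend"
    schedule:
      interval: "weekly"
  - package-ecosystem: "npm"
    directory: "/backend"
    schedule:
      interval: "weekly"
---
# After: a single block listing every path under `directories`.
version: 2
updates:
  - package-ecosystem: "npm"
    directories:
      - "/frontend"
      - "/backend"
    schedule:
      interval: "weekly"
```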

@roschaefer roschaefer requested a review from mahula July 9, 2024 22:25
@roschaefer roschaefer force-pushed the dry-dependabot-configuration branch from bb67355 to a79077d Compare July 9, 2024 22:27
@roschaefer roschaefer changed the title from "refactor(workflows): dry dependabot.yml" to "refactor(workflow): dry dependabot.yml" Jul 9, 2024
@roschaefer
Contributor Author

It looks as if this change will have the desired behavior:

The directories option in the dependabot.yml file allows you to apply Dependabot updates to multiple directories at the same time.

But there is no option to check the dependabot configuration before it lands in master:
https://stackoverflow.com/questions/63943201/how-do-i-test-dependabot-before-merging-config

I will draft this PR and check the configuration on a copy of this repository.

@roschaefer roschaefer marked this pull request as draft July 10, 2024 08:29
@roschaefer roschaefer force-pushed the dry-dependabot-configuration branch from 5f85353 to 8bb3e84 Compare July 11, 2024 08:46
@mahula mahula added the refactor, dependencies and devops labels Aug 1, 2024
@roschaefer roschaefer removed the request for review from mahula August 5, 2024 17:48
@mahula
Contributor

mahula commented Aug 6, 2024

It looks as if this change will have the desired behavior:

The directories option in the dependabot.yml file allows you to apply Dependabot updates to multiple directories at the same time.

But there is no option to check the dependabot configuration before it lands in master: https://stackoverflow.com/questions/63943201/how-do-i-test-dependabot-before-merging-config

I will draft this PR and check the configuration on a copy of this repository.

I changed the Dependabot file in a fork. It partly works as expected, but not at 100 % (see https://github.com/mahula/dreammall.earth/pulls).
Let us take a closer look in some days.

@mahula mahula marked this pull request as ready for review August 15, 2024 07:30
@mahula mahula requested review from ulfgebhardt and Elweyn August 15, 2024 07:31
@roschaefer roschaefer force-pushed the dry-dependabot-configuration branch from 4968aae to 4b559c1 Compare August 15, 2024 07:43
@roschaefer roschaefer requested a review from mahula August 15, 2024 07:44
Motivation
----------
I was looking into configuration for dependabot to update the same
package across multiple `package.json`s and found the [`directories`
option](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#directories)

My goal is to update e.g. `vue` *across all subfolders* to the same
version. You can check our PR list and see that the same dependency is
updated separately for each folder, which is the culprit of our many
dependabot PRs.

Nevertheless, even if we don't see this behaviour, it's good to DRY our
configuration files.

How to test
-----------
1. Merge this PR
2. See if dependabot updates the same package across several directories
@roschaefer roschaefer force-pushed the dry-dependabot-configuration branch from 4b559c1 to e0626c6 Compare August 15, 2024 07:46
Contributor

@mahula mahula left a comment

These changes work fine (see this fork)

@roschaefer roschaefer merged commit 68a8bb8 into master Aug 15, 2024
34 checks passed
@ulfgebhardt ulfgebhardt deleted the dry-dependabot-configuration branch September 12, 2024 22:23
Labels
dependencies Pull requests that update a dependency file devops refactor
Projects
Status: ✅ Done
2 participants