change(devops): Reduce number of dependabot PRs #7156

Merged Jul 10, 2023 (7 commits)

@teor2345 teor2345 commented Jul 5, 2023

Motivation

We're getting a lot of dependabot PRs, but some of them don't have a meaningful amount of changes. Others need to be grouped to pass CI.

Close #6547

Specifications

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups

Complex Code or Requirements

We can update the groups later if they turn out not to work.

Solution

  • Only check for dependency updates weekly on Mondays, rather than daily (some dependencies update multiple times per week)
  • Group Rust dependency updates that usually happen together
  • Reduce the maximum number of open PRs to 2 * (reviewers - 1), because often someone is away or busy

Testing

  • Add a validate dependabot step to our existing action lint job

Review

Let's try this and see how it goes?

Reviewer Checklist

  • Are the PR labels correct?
  • Does the code do what the ticket and PR say?
    • Does it change concurrent code, unsafe code, or consensus rules?
  • How do you know it works? Does it have tests?

Follow Up Work

Gustavo (or someone else) might want to group related GitHub Actions dependency updates, but I'm not sure what those groups should be.
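
The three changes in the Solution list above map onto `dependabot.yml` keys as sketched here. This is an added example, not the file changed in this PR: the group names and patterns are constructed, and the limit of 6 assumes four reviewers, 2 * (4 - 1).

```yaml
# Added example. Group names and patterns below are constructed, not Zebra's.
version: 2
updates:
  - package-ecosystem: cargo
    directory: "/"
    schedule:
      # Weekly on Mondays instead of daily. This only schedules version
      # updates; security updates are raised separately from alerts.
      interval: weekly
      day: monday
    # Assumed team of 4 reviewers: 2 * (4 - 1) = 6.
    # This cap applies to version-update PRs, not to security-update PRs.
    open-pull-requests-limit: 6
    groups:
      # Groups are evaluated in file order, and a dependency is assigned
      # to the first group whose patterns it matches, so put the more
      # specific groups first.
      async-runtime:            # constructed group name
        patterns:
          - "tokio*"
          - "tower*"
      serialization:            # constructed group name
        patterns:
          - "serde*"
          - "bincode"
  # GitHub Actions updates left ungrouped, as in the follow-up note above.
  - package-ecosystem: github-actions
    directory: "/"
    schedule:
      interval: weekly
      day: monday
    open-pull-requests-limit: 6
```

Dependencies that match no group still get individual PRs, so the open PR limit remains the backstop for review load.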

@teor2345 added the A-dependencies (Area: Dependency file updates), A-devops (Area: Pipelines, CI/CD and Dockerfiles), P-Medium ⚡, I-cost (Zebra infrastructure costs) and C-trivial (Category: A trivial change that is not worth mentioning in the CHANGELOG) labels Jul 5, 2023
@teor2345 requested a review from a team as a code owner July 5, 2023 19:26
@teor2345 self-assigned this Jul 5, 2023
@teor2345 requested review from upbqdn and removed request for a team July 5, 2023 19:26
@github-actions bot added the C-enhancement (Category: This is an improvement) label Jul 5, 2023
@teor2345 requested a review from a team as a code owner July 5, 2023 19:31
@teor2345 requested review from dconnolly and removed request for a team July 5, 2023 19:31
@teor2345 removed the C-enhancement (Category: This is an improvement) label Jul 5, 2023
@mpguerra removed the request for review from dconnolly July 7, 2023 09:17

@upbqdn left a comment

Looks great. Thanks for creating the groups.

upbqdn previously approved these changes Jul 8, 2023
Co-authored-by: Marek <mail@marek.onl>

teor2345 commented Jul 9, 2023

@Mergifyio update

@github-actions bot added the C-enhancement (Category: This is an improvement) label Jul 9, 2023

mergify bot commented Jul 9, 2023

update

✅ Branch has been successfully updated

@teor2345 requested a review from upbqdn July 9, 2023 20:39
@teor2345 removed the C-enhancement (Category: This is an improvement) label Jul 9, 2023
@github-actions bot added the C-enhancement (Category: This is an improvement) label Jul 9, 2023

upbqdn commented Jul 9, 2023

lol
image


teor2345 commented Jul 9, 2023

lol
image

I think I tried to fix this in PR #7158, some of the auto-label settings are too much 🤣

@teor2345 removed the C-enhancement (Category: This is an improvement) label Jul 9, 2023
mergify bot added a commit that referenced this pull request Jul 9, 2023
mergify bot added a commit that referenced this pull request Jul 9, 2023
@mergify bot merged commit e733d71 into main Jul 10, 2023
@mergify bot deleted the less-dependabot branch July 10, 2023 01:27
mergify bot added a commit that referenced this pull request Jul 10, 2023
Labels: A-dependencies (Area: Dependency file updates), A-devops (Area: Pipelines, CI/CD and Dockerfiles), C-trivial (Category: A trivial change that is not worth mentioning in the CHANGELOG), I-cost (Zebra infrastructure costs)
Development

Successfully merging this pull request may close these issues.

Group related dependency updates to avoid selecting multiple versions of the same transitive dependencies