You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Back in November 2020, the Renovate app added a feature to estimate the confidence level that a dependency upgrade will go smoothly: https://www.mend.io/blog/merge-confidence/ . We now get this by default for the PRs it generates for our NPM dependencies, but don't yet have anything comparable in our make upgrade PRs. Renovate does now have basic support for pip-compile, but admits that it isn't really ready for most production use cases: https://docs.renovatebot.com/modules/manager/pip-compile/ . But while we probably don't trust it to generate correct PRs for updating requirements files, the description of a general "update all dependencies" PR would contain "Merge Confidence" data that might be useful context when deciding how carefully to review a make upgrade PR. Let's try an experiment to see how useful this is.
A/C:
edx-platform has a Renovate-generated PR listing all available PyPI package updates with a Merge Confidence section.
The PR doesn't yet include NPM dependencies. While that would probably help for other work, it might also flood the description with information that would make it hard to decide how useful the feature is for the Python ecosystem.
Some effort is made to prevent the PR from being accidentally merged (manually give it a review requesting changes?)
There isn't a flood of other Dependabot PRs on edx-platform.
Side note: I considered the feasibility of integrating this information directly into the make upgrade PRs, but it doesn't seem practical yet. The roadmap issue for publishing the Merge Confidence data on a website hasn't been started yet, and the badge image URLs don't look predictable enough to use outside the context of a Renovate-generated PR.
The text was updated successfully, but these errors were encountered:
Back in November 2020, the Renovate app added a feature to estimate the confidence level that a dependency upgrade will go smoothly: https://www.mend.io/blog/merge-confidence/ . We now get this by default for the PRs it generates for our NPM dependencies, but don't yet have anything comparable in our
make upgradePRs. Renovate does now have basic support for pip-compile, but admits that it isn't really ready for most production use cases: https://docs.renovatebot.com/modules/manager/pip-compile/ . But while we probably don't trust it to generate correct PRs for updating requirements files, the description of a general "update all dependencies" PR would contain "Merge Confidence" data that might be useful context when deciding how carefully to review amake upgradePR. Let's try an experiment to see how useful this is.A/C:
The docs on the Merge Confidence feature are at https://docs.renovatebot.com/merge-confidence/ . The docs on telling Renovate where to find our requirements files are at https://docs.renovatebot.com/modules/manager/#file-matching .
Side note: I considered the feasibility of integrating this information directly into the
make upgradePRs, but it doesn't seem practical yet. The roadmap issue for publishing the Merge Confidence data on a website hasn't been started yet, and the badge image URLs don't look predictable enough to use outside the context of a Renovate-generated PR.The text was updated successfully, but these errors were encountered: