New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: do not use Dependabot for npm dependencies #13047

Merged

eladb merged 7 commits into master from benisrae/dependency-update-changes

Feb 22, 2021

Contributor

eladb commented Feb 15, 2021

We have a custom workflow called “yarn-upgrade” which takes care of continuously updating npm dependencies, so we decided to use Dependabot to only track non-npm dependencies. For this repository, this is basically just GitHub Actions.

Replace the legacy .dependabot/config.yml with the native .github/dependabot.yml and configure it accordingly.

Also, refactor the auto-approval workflows such that any PR with the pr/auto-approve label will get auto-approved by CDK automation. Utilize this new label to auto-approve dependency updates (both from our workflow and the Dependabot ones).

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license


          chore: do not use Dependabot for npm dependencies

fa37055

We have a custom workflow called “yarn-upgrade” which takes care of continuously updating npm dependencies, so we decided to use Dependabot to only track non-npm dependencies. For this repository, this is basically just GitHub Actions.

Replace the legacy `.dependabot/config.yml` with the native `.github/dependabot.yml` and configure it accordingly.

Also, refactor the auto-approval workflows such that any PR with the `pr/auto-approve` label will get auto-approved by CDK automation. Utilize this new label to auto-approve dependency updates (both from our workflow and the Dependabot ones).

gitpod-io bot commented Feb 15, 2021 •

edited

Loading

eladb requested review from nija-at, RomainMuller and iliapolo and removed request for nija-at

February 15, 2021 10:43

mergify bot added the contribution/core label

eladb requested a review from nija-at

February 15, 2021 10:43

RomainMuller approved these changes

View reviewed changes

Contributor

mergify bot commented Feb 15, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

nija-at suggested changes

View reviewed changes

.github/workflows/auto-approve.yml Outdated Show resolved Hide resolved

eladb added the pr/do-not-merge label


          restrict only to specific users

3ea7972

eladb requested a review from nija-at

February 15, 2021 15:01


          Update auto-approve.yml

677d0cc

nija-at approved these changes

View reviewed changes

.github/workflows/auto-approve.yml Outdated Show resolved Hide resolved


          use "contains"

d7de437

eladb removed the pr/do-not-merge label

Contributor

mergify bot commented Feb 15, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).


          Merge branch 'master' into benisrae/dependency-update-changes

1ec9e1b

Contributor

mergify bot commented Feb 15, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).


          Merge branch 'master' into benisrae/dependency-update-changes

2dcb1cc

Contributor

mergify bot commented Feb 17, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

NGL321 assigned nija-at


          Merge branch 'master' into benisrae/dependency-update-changes

5e9a01b

Collaborator

aws-cdk-automation commented Feb 22, 2021

AWS CodeBuild CI Report

CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
Commit ID: 5e9a01b
Result: SUCCEEDED
Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

Contributor

mergify bot commented Feb 22, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

eladb merged commit a349bf1 into master

eladb deleted the benisrae/dependency-update-changes branch

February 22, 2021 08:33

eladb mentioned this pull request

chore: fix invalid dependabot config #13194

Merged

mergify bot pushed a commit that referenced this pull request


          chore: fix invalid dependabot config (#13194)

The PR #13047 introduced a corrupted dependabot config.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

eladb pushed a commit that referenced this pull request


          chore: do not use Dependabot for npm dependencies (#13047)

6b332f1

We have a custom workflow called “yarn-upgrade” which takes care of continuously updating npm dependencies, so we decided to use Dependabot to only track non-npm dependencies. For this repository, this is basically just GitHub Actions.

Replace the legacy `.dependabot/config.yml` with the native `.github/dependabot.yml` and configure it accordingly.

Also, refactor the auto-approval workflows such that any PR with the `pr/auto-approve` label will get auto-approved by CDK automation. Utilize this new label to auto-approve dependency updates (both from our workflow and the Dependabot ones).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

contribution/core