ci: Ensure Sentry SDK is always bumped by dependabot #77678
Conversation
mydea
requested review from
scttcper and
billyvg
and removed request for
a team
github-actions
bot
added
the
Scope: Frontend
| # For Sentry SDK updates, we do not want to limit the open PRs | ||
| - package-ecosystem: npm | ||
| open-pull-requests-limit: 0 |
There was a problem hiding this comment.
I don't think it works like this -- last we tried you can only have one npm section in a dependabot config
There was a problem hiding this comment.
ah damn, that sucks - I thought that would work :( does that mean it is not possible to realize this? 😬
What are thoughts about increasing the PR limit (10), or finding a different way to deal with those? As of now dependabot seems basically blocked because of open PRs with low prio 🤔
There was a problem hiding this comment.
afaik for packages we care about we've just been doing them periodically on our own. dependabot isn't very good at bumping packages anyway (lol I know right?) so it's been smoother when a person does it
There was a problem hiding this comment.
Yeah I mean this is what we kind of did so far, but we always lag behind a bit with the SDK and it would be nice to be up-to-date there, as it is our premier dogfooding app as well 🤔
There was a problem hiding this comment.
Yeah doesn't seem to be supported: dependabot/dependabot-core#1778
Though looks like there's a workaround if you have one config set target-branch: master
|
i usually see it make one for sentry dependencies. there's one open here #77287 |
I was wondering why the SDK is not automatically kept up-to-date by dependabot. After looking into it, I guess the problem is that the limit is set to 10 open PRs that are generally there (some have been open for months), so there is no capacity to open new ones.
As we'd love to have the SDK be up to date generally, this PR splits the SDK updates out to not have a limit. Hopefully that should ensure that we generally have this at latest.