Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add dependabot config #319

Closed
wants to merge 1 commit into from
Closed

add dependabot config #319

wants to merge 1 commit into from

Conversation

davidspek
Copy link

@davidspek davidspek commented Jan 25, 2021

Inspired by kubeflow/pipelines#4682 I created a script that will create a config file for depandabot so that it knows what directories to scan. It will scan the repository for files named *ockerfile*, package*.json, *requirements.txt and go.*. It is setup for dockerfiles, npm packages, pip dependencies and gomod at the moment. It is trivial to further customize what folders are selected if further customization is needed. It also parses the closest OWNERS file for a given dependency listing file, and assigns the relevant approvers and adds the relevant reviewers to the PRs it creates.

This is a sibling PR to kubeflow/pipelines#5015, kubeflow/kubeflow#5542, kserve/kserve#1309, kubeflow/arena#403, kubeflow/testing#855, kubeflow/fairing#550, kubeflow/kfp-tekton#432, kubeflow/katib#1420, kubeflow/training-operator#1224 and kubeflow/kfp-tekton-backend#28.

As it stands now, thare are about 5 PRs that will be created with this configuration.

For reference, the PRs that will be created can be found here: https://github.com/DavidSpek/mpi-operator/pulls

@k8s-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: DavidSpek
To complete the pull request process, please assign terrytangyuan after the PR has been reviewed.
You can assign the PR to them by writing /assign @terrytangyuan in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@davidspek
Copy link
Author

/assign @terrytangyuan

@davidspek
Copy link
Author

I am holding the PR to have some control over when it gets merged so that the optional test infra doesn't get overloaded if all the repo's were to merge this at the same time.
/hold

Copy link
Member

@terrytangyuan terrytangyuan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we close this?

@davidspek
Copy link
Author

@terrytangyuan I think it is up to the repo owners. If you do not require the advanced features of Renovate, dependabot is also a fine solution. If you would like to have Renovate enabled for this repo, I believe you will need to ask @Bobgy to do so. Either way, I suggest one of the two gets implemented.

@terrytangyuan
Copy link
Member

Looking at the PRs created by the bot, I am uncertain they would be helpful and it's better to upgrade dependencies when necessary. I am closing this for now. Feel free to reopen when needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants