Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable dependabot #5847

Merged
merged 1 commit into from
Jul 28, 2020
Merged

Enable dependabot #5847

merged 1 commit into from
Jul 28, 2020

Conversation

clouserw
Copy link
Member

@clouserw clouserw commented Jul 2, 2020

Because

  • We want to keep our dependencies up to date

This commit

  • Enables Github's Dependabot support

Issue that this pull request solves

Closes: # (issue number)

Checklist

Put an x in the boxes that apply

  • My commit is GPG signed.
  • If applicable, I have modified or added tests which pass locally.
  • I have added necessary documentation (if appropriate).

Screenshots (Optional)

Please attach the screenshots of the changes made in case of change in user interface.

Other information (Optional)

Any other information that is important to this pull request.

@clouserw
Copy link
Member Author

clouserw commented Jul 2, 2020

I think this will enable dependabot, but the way I'm reading the docs is that we'll have to add a separate section for each package. I added a separate one for fxa-content-server just to see if my interpretation is right.

I didn't see a global open-pull-requests-limit which means that even if we made it 1 for each section we might still get overwhelmed with PRs when an update comes out.

I also added docker in here since they mentioned it, but I'm not sure it would be super useful to be honest. I suppose it wouldn't hurt.

Anyway.... r?

@clouserw clouserw requested a review from a team July 2, 2020 21:34
@dannycoates dannycoates self-assigned this Jul 2, 2020
@dannycoates
Copy link
Contributor

dependabot doesn't yet support yarn 2. we can revive this once it does

dependabot/dependabot-core#1297
dependabot/dependabot-core#2030

@dannycoates dannycoates closed this Jul 2, 2020
@clouserw clouserw reopened this Jul 22, 2020
@clouserw
Copy link
Member Author

We're going to try landing this. We think it will still open the PRs and we'll have to manually update the lock file. If it explodes, we'll turn it back off.

dannycoates
dannycoates approved these changes Jul 28, 2020
View reviewed changes
Copy link
Contributor

@dannycoates dannycoates left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yolo

@dannycoates dannycoates merged commit bd07831 into mozilla:main Jul 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dannycoates dannycoates dannycoates approved these changes

Assignees

@dannycoates dannycoates

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@clouserw @dannycoates