Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Automatically detect when schemastore needs to be updated #65

Open
MPV opened this issue Nov 24, 2023 · 7 comments
Open

Automatically detect when schemastore needs to be updated #65

MPV opened this issue Nov 24, 2023 · 7 comments
Labels
pr-welcome This would be a good fix/feature, but the maintainer isn't planning on doing the work

Comments

@MPV
Copy link
Contributor

MPV commented Nov 24, 2023

While Dependabot supports actions (and Rust?), it doesn't support bumping things like:

To avoid manual toil of PRs like:

@mpalmer
Copy link
Owner

mpalmer commented Nov 24, 2023

Does Renovate support only raising a PR if certain files within the submodule change? I can't see anything obvious in its docs to cover that. Because schemastore has a lot of stuff updating all the time that we don't care about, and if it's going to raise a PR every time anything changes in that repo, it'll essentially have an (irrelevant) PR open all the time.

@MPV
Copy link
Contributor Author

MPV commented Nov 25, 2023

[...] if it's going to raise a PR every time anything changes in that repo, it'll essentially have an (irrelevant) PR open all the time.

Well yes, but as long as you don't merge it, Renovate will just keep it open and up to date (so you can merge whenever, or based on rules/automation).

@MPV
Copy link
Contributor Author

MPV commented Nov 25, 2023

Does Renovate support only raising a PR if certain files within the submodule change? I can't see anything obvious in its docs to cover that. Because schemastore has a lot of stuff updating all the time that we don't care about [...]

I do see what you mean.
That sounds like it would be a decent solution, but I haven't seen that either. But maybe some kind of GitHub Action could be added to check those things (and only merge/label/pass a check when those files have changed, or similar).

For example by running something like this (pseudocode) on PRs opened by Renovate:

  1. Checkout this repo (and submodules).
  2. Check (somehow?) if there's changes to the desired files.
    1. Checkout repo twice (one in main, one for PR, compare files)?
    2. ...other ideas?
  3. Do something to move the PR forward.
    1. Pass check?
    2. Ping maintainer?
    3. Approve/merge PR?

@mpalmer
Copy link
Owner

mpalmer commented Nov 25, 2023

If we're going to have a daily "check if anything's changed" job, renovate seems rather overkill. It'd be a lot easier to just have a daily action that did something like:

git clone <etc etc>
git submodule update
cd src/schemastore
git fetch origin
git diff --stat HEAD..origin/main | egrep src/schemas/json/github-(workflow|action).json

... then opened a PR or did something else (maybe the job can just fail?, that'd be enough) to signal that the schemastore repo needs at least looking at for changes that might be worth pulling in.

@MPV
Copy link
Contributor Author

MPV commented Nov 27, 2023

... then opened a PR or did something else (maybe the job can just fail?, that'd be enough) to signal that the schemastore repo needs at least looking at for changes that might be worth pulling in.

Sounds like a decent idea.

@MPV
Copy link
Contributor Author

MPV commented Nov 27, 2023

I also noted that Dependabot does support rust, but it's an opt-in, with something along:

package-ecosystem: cargo

@mpalmer
Copy link
Owner

mpalmer commented Nov 28, 2023

I also noted that Dependabot does support rust, but it's an opt-in, with something along:

That's a handy thing to know. One thing that bugs me about dependabot is that it spams you with "upgrade this naow!!!11!one!" PRs for things that have zero benefit in upgrading -- enabling it is essentially asking for the gift of infinite work. I've got daily cargo audit runs to find security vulns in dependencies, and cargo update/build runs to detect if a dep has introduced a breaking change. If there's something more that can usefully be added, I'm all ears.

(I'm going to change the title on this issue, to better reflect the underlying desire to detect relevant changes in the schemas)

@mpalmer mpalmer changed the title Switch from Dependabot to Renovate Automatically detect when schemastore needs to be updated Nov 28, 2023
@mpalmer mpalmer added the pr-welcome This would be a good fix/feature, but the maintainer isn't planning on doing the work label Nov 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
pr-welcome This would be a good fix/feature, but the maintainer isn't planning on doing the work
Projects
None yet
Development

No branches or pull requests

2 participants