Apply transitive dependabot go.mod dependency updates as part of automatic Github workflow #844

Merged
merged 3 commits into from
Jun 22, 2020

Conversation

evantorrie
Contributor

This PR adds a new GitHub workflow (the project's first) which is designed to fix our recent influx of Dependabot PRs which fail to pass our build tests. See #839, #831 et al.

Although Dependabot is correctly modifying the specific module it is working on, Dependabot does not consider any other modules in the repository while constructing the pull request. In our case, every build runs a go mod tidy across every go module, resulting in transitive dependencies of the changes introduced by Dependabot (e.g. a change in exporters/otlp/go.mod affects the go.sum files in example/otel-collector/ and example/otlp/) being modified during the build.

The workflow contained in this PR is designed to auto-fix these transitive dependencies whenever a pull request has a dependencies label added to it. It

  • checks out the code
  • constructs a go build environment
  • runs the custom GitHub action evantorrie/mott-the-tidier@v1-beta to perform the same go mod tidy across a user-defined set of module paths as the CI build
  • auto-commits the resulting go.sum changes

This should then retrigger another CI build with the newly fixed go.sum files, and ideally, pass correctly.

It uses two "non-GitHub-authored" Actions.

  1. evantorrie/mott-the-tidier is written by me with a pre-ES2015 understanding of NodeJS JavaScript. In this workflow, it is configured with the gosum_only gate which will fail if there are any non go.sum files showing as modified in the repo after the go mod tidys complete. This is intended to prevent auto-commit of anything other than go.sum files by the subsequent step in the job.
  2. stefanzweifel/git-auto-commit-action@v4 is available in the GitHub Actions marketplace and commits back to the PR branch any changes created by mott-the-tidier. Since we limit mott-the-tidier to making changes only to go.sum files, the resulting git-auto-commit-action has limited capacity for inadvertently corrupting the PR.
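
The gosum_only gate described in the PR description above, written out as an added example that is not part of the original post and is not mott-the-tidier's code: a POSIX shell function that reads `git status --porcelain` output and fails unless every changed path is a go.sum file. The function names (`is_gosum`, `gosum_only_gate`, `tidy_and_gate`) are hypothetical and the sample status lines are constructed.

```shell
#!/bin/sh
# Added example, not mott-the-tidier's code. Function names are hypothetical.

# True when the path's final component is exactly "go.sum".
is_gosum() {
  _f=${1#\"}; _f=${_f%\"}      # git wraps unusual paths in double quotes
  [ "${_f##*/}" = "go.sum" ]
}

# Reads `git status --porcelain` lines on stdin. Returns 0 only if every
# changed path is a go.sum file; names each offender on stderr otherwise.
gosum_only_gate() {
  rc=0
  while IFS= read -r line || [ -n "$line" ]; do
    [ -n "$line" ] || continue
    entry=${line#???}          # drop the two status letters and the space
    case $entry in
      *" -> "*) set -- "${entry%% -> *}" "${entry#* -> }" ;;  # rename: check both
      *)        set -- "$entry" ;;
    esac
    for path in "$@"; do
      if ! is_gosum "$path"; then
        printf 'refusing auto-commit, not a go.sum file: %s\n' "$path" >&2
        rc=1
      fi
    done
  done
  return "$rc"
}

# Tidy each module directory given as an argument, then apply the gate.
# Needs go and git, so it is defined here but not called.
tidy_and_gate() {
  for mod in "$@"; do
    (cd "$mod" && go mod tidy) || return 2
  done
  git status --porcelain | gosum_only_gate
}

# Constructed sample status output: the go.mod line must trip the gate.
if printf ' M example/otlp/go.sum\n M example/otlp/go.mod\n' | gosum_only_gate; then
  echo "gate passed: safe to auto-commit"
else
  echo "gate failed: auto-commit step must not run"
fi
```

Untracked directories and renames away from go.sum fail the gate as well, so anything the basename check cannot positively identify as go.sum blocks the commit.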

@lizthegrey
Member

Please rebase to force CircleCI to build this.

@evantorrie
Contributor Author

@lizthegrey have forced rebuild - and looks like CircleCI build has passed

evantorrie added a commit to evantorrie/opentelemetry-go-contrib that referenced this pull request Jun 22, 2020
Fixes transitive dependencies missed by dependabot auto-PR.
See open-telemetry/opentelemetry-go#844
@lizthegrey lizthegrey merged commit f29cc49 into open-telemetry:master Jun 22, 2020
@evantorrie evantorrie deleted the dependabot-tidier branch June 22, 2020 16:44
@pellared pellared added this to the untracked milestone Nov 8, 2024