Enable Dependabot #5827
Enable Dependabot #5827
Conversation
✅ Deploy Preview for odo-docusaurus-preview canceled.
|
openshift-ci
bot
added
the
area/dependency
|
Kudos, SonarCloud Quality Gate passed!
|
|
/hold Will come back to this at a later time (at the end of the current Sprint, to not disturb it). |
openshift-ci
bot
added
the
do-not-merge/hold
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: feloy The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/lgtm @rm3l I think now might be a good time to merge this PR and put it to test. If you agree, please cancel the hold. |
openshift-ci
bot
added
the
lgtm
|
/override ci/prow/unit |
|
@valaparthvi: Overrode contexts on behalf of valaparthvi: ci/prow/unit, ci/prow/v4.10-integration-e2e In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Thanks for the reminder. Yup, I think we can merge this now too. /override ci/prow/unit @feloy I guess the PRs that Dependabot will create will likely "conflict" with what you did with the |
|
@rm3l: Overrode contexts on behalf of rm3l: ci/prow/unit, ci/prow/v4.10-integration-e2e In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/hold cancel Let's see what we have. If it makes sense, we can see in the future how to update (annotate/label/comment/push) Dependabot PRs accordingly. |
openshift-ci
bot
removed
the
do-not-merge/hold
|
/override ci/prow/unit |
|
@rm3l: Overrode contexts on behalf of rm3l: ci/prow/unit, ci/prow/v4.10-integration-e2e In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
* Configure Dependabot for watching and maintaining our Go dependencies * Configure Dependabot for watching and maintaining our NPM dependencies (website) * Add more comments * Add "ok-to-test" label to Dependabot PRs
What type of PR is this:
/area dependency
What does this PR do / why we need it:
As quickly discussed during the last Cabal meeting, this PR configures Dependabot in our repo. Dependabot will automatically create PRs with dependency updates for the package managers we configured. As such, I added a minimal configuration file that maintains both our Go and NPM dependencies.
The goal is to see if Dependabot could be relevant in helping us keep our dependencies up-to-date.
Once this is merged, we will see what kind of PRs Dependabot raises. We can revert this later or disable Dependabot if the PRs it creates do not make sense.
I think GitHub Dependabot is free for public repos.
Which issue(s) this PR fixes:
-
PR acceptance criteria:
Unit test
Integration test
Documentation
How to test changes / Special notes to the reviewer:
Didn't try it, but it might be possible to test Dependabot locally, per this blog post. But the goal here is to have this merged and take a look at Dependabot PRs.