Open Panquesito7 opened 4 years ago
fluxionary
commented
4 years ago I like to do at least some superficial testing of mods before pulling in updates. I suppose if I could set up that github thing that automatically boots a server I could automate some tests, but that's not likely to happen soon.
What mods in particular need an update?
Panquesito7
commented
4 years ago What mods in particular need an update?
For example: tpr and moretrees.
Offtopic: It is recommended for 3d_armor to point to the Minetest Mods organization.
EDIT: Maybe adding dependabot in various repositories (such as tpr) is a good idea.
Panquesito7
commented
4 years ago I like to do at least some superficial testing of mods before pulling in updates
The bot submits a PR, and choose whether to merge it or not.
wsor4035
commented
3 years ago dependabot preview is currently the oldest still supported version, you should really be using version two. to enable this go to
and there will be a button to create its file there, you need to create it there otherwise it doesnt recognize the dependabot.yml for some reason currently. A example configuration can be found at: https://github.com/pandorabox-io/pandorabox-mods/blob/master/.github/dependabot.yml
oversword
commented
3 years ago As the person now responsible for updating mods I do not like the idea of this - there should be the potential of a review process and the ability to stay at a version if we choose.
Although this would be helpful, it would also be dangerous - even when only considering the updates we make ourselves. The danger outweighs any benefit in my opinion.
wsor4035
commented
3 years ago "there should be the potential of a review process and the ability to stay at a version if we choose."
All it does is submit a pr if your submodule gets a update, you can review, close the pr, etc, i fail to see how this doesnt allow or a review, or is dangerous, given that literally anyone can make a pr
oversword
commented
3 years ago @wsor4035 because as soon as you choose to stay behind a version on one of the modules the PRs become useless and actually may become a nuisance. It allows for the chance that someone accepts a PR with a breaking change because every other update in the list is good.
wsor4035
commented
3 years ago "because as soon as you choose to stay behind a version on one of the modules the PRs become useless and actually may become a nuisance." this is wrong, it makes individual PR's for each submodule update, and you can just close the one you dont want to update further. doing so does not affect the others at all.
"It allows for the chance that someone accepts a PR with a breaking change because every other update in the list is good." again wrong because it makes a individual PR for each submodule update.
Panquesito7
commented
1 year ago Should this be closed or?
Currently, many mods are (very) outdated.
Only if mods are not modified, otherwise, AFAIK, existing changes will be overwritten. Link to the app: https://github.com/marketplace/dependabot-preview