search

argoproj / argo-workflows

Workflow Engine for Kubernetes
https://argo-workflows.readthedocs.io/
Apache License 2.0
14.88k stars 3.17k forks source link

Automate nix dependency hash update #11691

Open sudosubin opened 1 year ago

sudosubin commented 1 year ago

Summary

Dependabot automatically updates Go module dependencies, but does not update the hash values of Nix configurations it derives from. This causes Nix build to be broken, and then a developer who find this have to manually update the hash value each time.

To prevent this, either find a way to automatically update the Nix hash, or prevent CI or lint from updating only the Go module dependencies without updating the Nix hash.

There seems to be a way to automate it using Renovate (using flake.nix). https://docs.renovatebot.com/modules/manager/nix/

Any better ideas, or plans, etc.? I want to hear from all contributors.

Cases

https://github.com/argoproj/argo-workflows/pull/11504 → We'll wait for the automation for this instead of updating manually every time

https://github.com/argoproj/argo-workflows/pull/11180 → Update to the nix hash following dependabot update. ...

https://github.com/argoproj/argo-workflows/pull/11188 → ...

https://github.com/argoproj/argo-workflows/pull/11635#pullrequestreview-1585963785 → LGTM, we really need to do something about the dependency hashes needing constant updating.

Message from the maintainers:

Love this enhancement proposal? Give it a 👍. We prioritise the proposals with the most 👍.

terrytangyuan commented 1 year ago

cc @isubasinghe

isubasinghe commented 1 year ago

I was thinking of writing a program to do this, but I estimate it to take about 24 hours of work in the best case scenario. As a result I think the best solution is to move to renovate, even without the support for Nix, it seems to be a better tool in general.

@tico24 could help us here, I think he's done a dependabot to renovate transition before.

isubasinghe commented 1 year ago

@terrytangyuan what are your opinions on installing renovate?

terrytangyuan commented 12 months ago

Is there a way to only use renovate to update Nix and keep dependabot for everything else?

tico24 commented 12 months ago

Yes. You control exactly what renovate does and doesn't monitor.

terrytangyuan commented 12 months ago

I've installed renovate app in this repo. Would anyone like to help setting this up for Nix update only?

tico24 commented 12 months ago

Someone at Pipekit will take this on. You can put me down if you need to assign to someone.

terrytangyuan commented 11 months ago

This was not completed. See discussions in https://github.com/argoproj/argo-workflows/pull/11887#issuecomment-1741644512

tico24 commented 11 months ago

Technically it was. I automated the nix dependencies.

This just isn't what @isubasinghe wants.