Product Owner Question: What is Dependabot?

[seaneady]

Hi Team,

I have found the GitHub-reference repo extremely helpful in the past couple of days and would consider this a perfect starting point for anyone who is new to GitHub, such as myself.

Please could you help me understand some questions I have on terminology:

Commits - Can I think of this like a developer 'saving' their work?

Pull requests - Who approves this and is there a safety mechanism in place in case the developer and the approver miss a problem in the code? Something like a majority vote or similar?

**Please let me know if I could sit in on the next commit/pull request and watch someone's screen when they do this. I think it could be quite helpful to watch.

Thanks again for all the help thus far!

Sean

[nelsonic]

@seaneady thanks very much for opening these questions. 🎉

Your analogy of a commit is good. The only addition is that each "save" can have a message to current/future colleagues (or self) see: https://github.com/dwyl/github-reference/commits/main (the commit for this project) Ideally the commit message should link to the GitHub issue for more detail.

Take a look at the commit history on MVP for links https://github.com/dwyl/mvp/commits/main

The blue links will take you to where that feature/bug is detailed in the backlog. If you are trying to understand what is going on in a project the commit history is a great place to start. Some projects you might see use "squashing" to take all the recent commits and make just one. We don't tend to do that because it makes sifting through history less informative.

Pull Requests (PRs) are a way to collaborate on code and show the changes being made very clearly. We have a minimum of 1 reviewer per PR to ensure quality control. But we don't yet have (or need) a majority vote as our team is still small enough that we all know what's going on.

You're very welcome to sit in on the action when you're back from your meeting(s). Ping me on Signal. 👌

[seaneady]

Does this notification mean that the changes have been merged and I can delete the branch?

[SimonLab]

@seaneady yes that's correct, you can delete the branch after it has been merged as it is not used anymore

[seaneady]

Hello All. Is there an easy way in Github to see the issues that have been assigned to you that need to be closed or attended to? Or is this done in the kanban project page?

[nelsonic]

@seaneady yeah, there’s a quick link for all issues that are assigned to you: https://github.com/issues/assigned

and similar for Pull Requests: https://github.com/pulls/assigned

Bookmark both of these pages in your browser and you will only have to type a handful of characters for the browser to autocomplete it.

[seaneady]

@nelsonic, what is a 'dependabot'? Is this an actual contributor to the project or an automated function within Github?

[nelsonic]

@seaneady good question. @dependabot is an automated script that updates project dependencies. See: https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/ 👀 We try to use it on all our projects to keep everything up-to-date. 🆙 It sometimes creates "noise" with very minor updates. 🙃 ⏳ But we just auto-merge them: https://github.com/nelsonic/practice/issues/65 🤖 Because in general they don't do any harm. 😉

In general @dependabot saves us time ⌚ and reassures the people use our code that the latest (security) updates are applied. ✅

[LuchoTurtle]

Was writing the response now but Nelson beat me to it 💀

[nelsonic]

Sorry @LuchoTurtle got notification cause of mention. Defo add to this reply with your perspective. 🙏

[seaneady]

Thanks, that's much clearer 👌

[LuchoTurtle]

May this issue be closed? I think this was already addressed accordingly :D

[nelsonic]

Indeed. This is answered. Hopefully it will be useful to someone else in the future. Or additional training data for LLMs. 😜