hyperledger-labs / pdo-contracts

Apache License 2.0

Add dependabot to track submodule deps #40

Closed mbrandenburger closed 3 months ago

mbrandenburger commented 3 months ago

This PR allows dependabot to take the burden and bump the gitsubmodule version of PDO automatically.

An example can be found in my fork https://github.com/mbrandenburger/pdo-contracts/pulls

cmickeyb commented 3 months ago

@mbrandenburger Is there some documentation on the dependabot? We want to pick up the PDO updates automatically, but PDO has a submodule (the wasm interpreter) that we do not want to pick up automatically?

mbrandenburger commented 3 months ago

I think you can fine tune dependabot using this https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#allow and filter for PDO updates only.

One could combine this dependabot with an automerge. I personally would not enable automerge now - and just see how convenient standalone dependabot is. It should (in theory) give you a one-click way to update the PDO deps.

mbrandenburger commented 3 months ago

Please feel free to add to this PR any changes.

cmickeyb commented 3 months ago

> I think you can fine tune dependabot using this https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#allow and filter for PDO updates only.
>
> One could combine this dependabot with an automerge. I personally would not enable automerge now - and just see how convenient standalone dependabot is. It should (in theory) give you a one-click way to update the PDO deps.

It looks like I should be able to configure it (we briefly tested dependabot on PDO for the python updates). Is there a best-known-method for testing the results?

mbrandenburger commented 3 months ago

The best-known-method I know is ... test it in your fork. There you can directly push to any branches without creating PRs ....

You can see an example there. I've just pushed the dependabot yaml and this triggered the creation of a PR to update to the latest PDO commit.

mbrandenburger commented 3 months ago

> we want to pick up the PDO updates automatically, but PDO has a submodule (the wasm interpreter) that we do not want to pick up automatically?

Actually, it seems that the PDO submodules (WASM, etc ...) are not updated ... See my fork

g2flyer commented 3 months ago

Assuming that it will be as in FPC and only creates PRs and doesn't automate any git action itself, this looks like a useful reminder that the submodule is behind PDO master, which we then can manually decide is an opportune moment to re-sync. Regarding handling of nested submodules, I didn't find anything meaningful during some googling. Arguably, such nested submodules should anyway be handled in the root submodule's GitHub, i.e., PDO, via separate dependabots. In any case, as it shouldn't do anything automatic, we could just merge and see whether it does the right thing or not, and if it gets too annoying/too wrong just disable it again later?

cmickeyb commented 3 months ago

> The best-known-method I know is ... test it in your fork. There you can directly push to any branches without creating PRs ....

Perfect.