Closed mbrandenburger closed 3 months ago
@mbrandenburger is there some documentation on the dependabot? we want to pick up the PDO updates automatically, but PDO has a submodule (the wasm interpreter) that we do not want to pick up automatically?
I think you can fine tune dependabot using this https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#allow and filter for PDO updates only.
One could combine this dependabot with an automerge. I personally would not enable automerge now - and just see how convenient standalone dependabot is. It should (in theory) give you a on-click way to update the PDO deps.
Please feel free to add to this PR any changes.
I think you can fine tune dependabot using this https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#allow and filter for PDO updates only.
One could combine this dependabot with an automerge. I personally would not enable automerge now - and just see how convenient standalone dependabot is. It should (in theory) give you a on-click way to update the PDO deps.
it looks like i should be able to configure it (we briefly tested dependabot on PDO for the python updates). Is there a best-known-method for testing the results?
The best-known-method I know is ... test it in your fork. There you can directly push to any branches without creating PRs ....
You can see an example there. I've just pushed the dependabot yaml and this triggered the creation of a PR to updated to the lasted PDO commit.
we want to pick up the PDO updates automatically, but PDO has a submodule (the wasm interpreter) that we do not want to pick up automatically?
Actually, it seems that the PDO submodules (WASM, etc ...) are not updated ... See my fork
Assuming that it will be as in FPC and only creates PRs and doesn't automate any git action itself, this looks as a useful reminder that submodule is behind PDO master which we then can manually decide as opportune moment to re-sync. Regarding handling of nested submodules, I didn't find anything meaningful during some googling. Arguably, such nested sub-modules should anyway be handled in the root submodules's github, i.e., PDO, via separate dependabots. In any case, as it shouldn't do anything automatic, so we could just merge and see whether it does the right thing or not and if it gets too annoying/too wrong just disable it again later?
The best-known-method I know is ... test it in your fork. There you can directly push to any branches without creating PRs ....
Perfect.
This PR allows dependabot to take the burden and bump the gitsubmodule version of PDO automatically.
An example can be found in my fork https://github.com/mbrandenburger/pdo-contracts/pulls