jl-wynen
commented
1 year ago Sounds good. Does Dependabot actually run on the template repo?
Closed SimonHeybrock closed 11 months ago
jl-wynen
commented
1 year ago Sounds good. Does Dependabot actually run on the template repo?
SimonHeybrock
commented
1 year ago It "runs" (because it is configured) but it does not update any of the workflow templates (because they are templates). So we would either need to update manually, or find a different solution.
SimonHeybrock
commented
1 year ago It seems like this is not supported and will not be fixed: https://github.com/dependabot/dependabot-core/issues/5987
SimonHeybrock
commented
11 months ago I think this is becoming a real issue: Dependabot is creating a lot of noise. But I feel we do need an at least semi-automatic way to update scipp/copier_template.
nvaytet
commented
11 months ago I think this is becoming a real issue: Dependabot is creating a lot of noise. But I feel we do need an at least semi-automatic way to update
scipp/copier_template.
Yes, I don't like dependabot either.
SimonHeybrock
commented
11 months ago I think we can mostly avoid the problem my not making the workflows jinja templates: There are relatively few essential params in them (I think the Linux image and Python version used in CI), and at least some of the workflow could be non-templated. Then dependabot would work at least for those?
SimonHeybrock
commented
11 months ago Example:
# SPDX-License-Identifier: BSD-3-Clause
# Copyright (c) 2023 Scipp contributors (https://github.com/scipp)
name: CI
on:
push:
branches:
- main
- release
pull_request:
jobs:
formatting:
name: Formatting and static analysis
runs-on: '{{github_linux_image}}' # can just hard-code this
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v3
with:
python-version: '{{min_python}}' # why do we need to run this on min_python? Decide on a global recent version!
- run: python -m pip install --upgrade pip
- run: python -m pip install -r requirements/ci.txt
- run: tox -e static
- uses: stefanzweifel/git-auto-commit-action@v4
with:
commit_message: Apply automatic formatting
tests:
name: Tests
needs: formatting
strategy:
matrix:
os: ['{{github_linux_image}}'] # hard code
python:
- version: '{{min_python}}' # this would be useful, but at least some projects modifiy the matrix anyway.
tox-env: 'py{{min_python|replace(".", "")}}'
{% raw %}
uses: ./.github/workflows/test.yml
with:
os-variant: ${{ matrix.os }}
python-version: ${{ matrix.python.version }}
tox-env: ${{ matrix.python.tox-env }}
docs:
needs: tests
uses: ./.github/workflows/docs.yml
with:
publish: false
branch: ${{ github.head_ref == '' && github.ref_name || github.head_ref }}
{% endraw %}
Currently, this template sets up dependabot to update actions in workflows. This is useful but noisy, since we will get the same update in many projects at similar but different times.
Would it make more sense to instead update the actions configured in the template regularly, and run regular updates in all instances of the template?