uclahs-cds / pipeline-recalibrate-BAM

Nextflow pipeline to perform Indel Realignment and Base Quality Score Recalibration
https://uclahs-cds.github.io/pipeline-recalibrate-BAM/
GNU General Public License v2.0
1 stars 1 forks source link

Enable dependabot to update submodules #40

Closed nwiltsie closed 11 months ago

nwiltsie commented 11 months ago

Description

This enables dependabot for this repository, specifically to keep git submodules up-to-date. Once merged, dependabot will automatically open pull requests to update pipeline-Nextflow-config and pipeline-Nextflow-module to the latest versions. Thereafter, it will check weekly to see if new commits have been made to those submodules, opening new PRs as necessary.

Here is an example pull request from my training repository: https://github.com/uclahs-cds/training-nwiltsie/pull/14

No PRs, including this one and all dependabot PRs, will have the power to make updates without human intervention. The changes will still need to be tested manually before they should be merged.

Errata

Testing Results

No tests run - infrastructure change only.

Checklist

aholmes commented 11 months ago

The changes will still need to be tested manually before they should be merged.

Good call to mention this. We do this with CAP for anything more significant than patch bumps. Probably worth writing some guidelines on what to test, why, and when. CAP also has ~80% test coverage, so most changes we can be confident of.

aholmes commented 11 months ago

One solution to that could be to adopt a gitflow-like model ...

I hesitate to introduce the complexity of Git flow into the lab's work, but I am curious what advantage we gain by treating Dependabot submodule updates this way vs. just testing and updating (if necessary) the branch created by Dependabot.

nwiltsie commented 11 months ago

I hesitate to introduce the complexity of Git flow into the lab's work, but I am curious what advantage we gain by treating Dependabot submodule updates this way vs. just testing and updating (if necessary) the branch created by Dependabot.

To be clear: my suggestion was to adopt gitflow in https://github.com/uclahs-cds/pipeline-Nextflow-config and https://github.com/uclahs-cds/pipeline-Nextflow-module . That way, those main branches only update on intentional "releases" and small/doc-only changes would not trigger dependabot in this repository.

I agree that using gitflow for this repository (or any other pipeline) would be too complex.