Closed nwiltsie closed 11 months ago
The changes will still need to be tested manually before they should be merged.
Good call to mention this. We do this with CAP for anything more significant than patch bumps. Probably worth writing some guidelines on what to test, why, and when. CAP also has ~80% test coverage, so most changes we can be confident of.
One solution to that could be to adopt a gitflow-like model ...
I hesitate to introduce the complexity of Git flow into the lab's work, but I am curious what advantage we gain by treating Dependabot submodule updates this way vs. just testing and updating (if necessary) the branch created by Dependabot.
I hesitate to introduce the complexity of Git flow into the lab's work, but I am curious what advantage we gain by treating Dependabot submodule updates this way vs. just testing and updating (if necessary) the branch created by Dependabot.
To be clear: my suggestion was to adopt gitflow in https://github.com/uclahs-cds/pipeline-Nextflow-config and https://github.com/uclahs-cds/pipeline-Nextflow-module . That way, those main
branches only update on intentional "releases" and small/doc-only changes would not trigger dependabot in this repository.
I agree that using gitflow for this repository (or any other pipeline) would be too complex.
Description
This enables dependabot for this repository, specifically to keep git submodules up-to-date. Once merged, dependabot will automatically open pull requests to update
pipeline-Nextflow-config
andpipeline-Nextflow-module
to the latest versions. Thereafter, it will check weekly to see if new commits have been made to those submodules, opening new PRs as necessary.Here is an example pull request from my training repository: https://github.com/uclahs-cds/training-nwiltsie/pull/14
No PRs, including this one and all dependabot PRs, will have the power to make updates without human intervention. The changes will still need to be tested manually before they should be merged.
Errata
develop
branch and new releases are created by periodically mergingdevelop
intomain
.Testing Results
No tests run - infrastructure change only.
Checklist
[x] I have read the code review guidelines and the code review best practice on GitHub check-list.
[x] I have reviewed the Nextflow pipeline standards.
[x] The name of the branch is meaningful and well formatted following the standards, using [AD_username (or 5 letters of AD if AD is too long)]-[brief_description_of_branch].
[x] I have set up or verified the branch protection rule following the github standards before opening this pull request.
[x] I have added my name to the contributors listings in the
manifest
block in thenextflow.config
as part of this pull request, am listed already, or do not wish to be listed. (This acknowledgement is optional.)[ ] I have added the changes included in this pull request to the
CHANGELOG.md
under the next release version or unreleased, and updated the date.[ ] I have updated the version number in the
metadata.yaml
andmanifest
block of thenextflow.config
file following semver, or the version number has already been updated. (Leave it unchecked if you are unsure about new version number and discuss it with the infrastructure team in this PR.)[x] I have tested the pipeline using NFTest, or I have justified why I did not need to run NFTest above.