6/3 @ 1pm PT - How to update lock files silently #22
In my ex-company they are running self-hosted renovatebot and to fix the problem of required reviewer and required wait to check runs pass we built 2 probot apps:
If you have any questions on that let me know, maybe I can help. Just to understand the purpose of this task:
I want to avoid pull requests altogether. Even when they are auto approved and merged, it still creates tons of notifications. And for something like lock file updates I think the noise is quite distracting.
I don't want to get rid of renovate, I just want to get rid of pull requests for lock file updates
Sorry I don't understand what you mean? As this is only about lock file updates, there is no way that regressions could be introduced.
Yes, ideally I still want to enforce reviews for pull requests
Indeed. In my previous company it was crazy.
Ok, so the DIY solution for updating the
If
I think I'm not following you here. What I meant is:
Is this the flow or am I missing something here?
There will be CI checks, I just didn't work on that yet. There are no reviews, but there don't need to be any, but I still want to trigger the test runs before anything is merged into the repository's default branch. The changes will happen in a branch such as
How to update lock files silently
Thursday, June 3, 2021
1:00pm Pacific Time (in your timezone)
no guests
Automation
Subscribe to this issue to get a notification before the show begins and a summary after the show concludes.
How to update lock files silently
This show is a follow up to #3
I started using @renovateapp for dependency management in most of my open source projects. Greenkeeper is discontinued (RIP), Dependabot is geared towards apps, not libraries, and I'm not aware of any other good alternative for JavaScript projects.
I liked the way Greenkeeper did in-range dependency update checks. It created a branch for the dependency's in-range update, it ran the CI, if there was no error, the branch was deleted. As a maintainer, I didn't get a single notification in the whole process. If the CI failed, Greenkeeper would create an issue to make me aware of the problem. It would also automatically close that issue if the next version update no longer failed.
Renovate does not offer that option, because it requires keeping state for repositories, which Renovate doesn't have. Renovate offers the option to do lock file updates, but it cannot merge the changes into the default branch if it is protected, which results in a huge amount of notifications across all the repositories; currently it's 100+ each Sunday late afternoon for me.
As an alternative, I'd like to build a GitHub action which can push changes to a protected default branch. It could run on a schedule, checkout the repository, update all dependencies, commit the changes to package-lock.json. Then it would run the tests. If they all succeeded, the change would be pushed to the default branch. If they failed, the changes would be pushed to a branch and a pull request would be opened for investigations.
The action could run quite frequently and push changes to the main branch if there are no open pull requests. And with a less frequent interval it would force an update, even if there are open pull requests, to make sure the main repository is up to date. Another trigger could be when a pull request is merged or closed.
Outline
package-lock.json and update the default branch using GitHub Actions once per week
Preparation
Recording
Shownotes
lockfile-update branch. The branch gets created unless it already exists.
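
The scheduled flow described in the issue above (update package-lock.json, run the tests, push to the default branch on success, otherwise push to the lockfile-update branch and open a pull request), written as a GitHub Actions workflow. This is an added example, not the workflow built on the show; the secret name `LOCKFILE_PUSH_TOKEN`, the cron time, the commit identity and the pull request text are assumptions.

```yaml
# Added example, not the workflow from the show.
# LOCKFILE_PUSH_TOKEN is a hypothetical secret name: a token for an identity
# that branch protection allows to push to the default branch.
name: Update lock file
on:
  schedule:
    - cron: "0 6 * * 0" # once per week; scheduled runs use the default branch
permissions:
  contents: read # GITHUB_TOKEN stays read-only, writes use the secret
jobs:
  update:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.LOCKFILE_PUSH_TOKEN }}
      - uses: actions/setup-node@v4
        with:
          node-version: "lts/*"
      - name: Update package-lock.json and commit if it changed
        id: update
        run: |
          npm update --package-lock-only
          if git diff --quiet -- package-lock.json; then
            echo "changed=false" >> "$GITHUB_OUTPUT"; exit 0
          fi
          git config user.name "lockfile-update"
          git config user.email "lockfile-update@users.noreply.github.com"
          git commit -m "build(deps): update package-lock.json" -- package-lock.json
          echo "changed=true" >> "$GITHUB_OUTPUT"
      - name: Install from the new lock file and run the tests
        id: test
        if: steps.update.outputs.changed == 'true'
        continue-on-error: true
        run: npm ci && npm test
      - name: Tests passed, push to the default branch
        if: steps.test.outcome == 'success'
        run: git push origin "HEAD:$GITHUB_REF_NAME"
      - name: Tests failed, push to lockfile-update and open a pull request
        if: steps.test.outcome == 'failure'
        env:
          GH_TOKEN: ${{ secrets.LOCKFILE_PUSH_TOKEN }}
        run: |
          git push --force origin HEAD:lockfile-update
          open=$(gh pr list --head lockfile-update --state open --json number --jq length)
          if [ "$open" = "0" ]; then
            gh pr create --head lockfile-update --title "Lock file update fails tests" \
              --body "npm test failed after updating package-lock.json."
          fi
```

The token is the sensitive part of this design, since it can write to a protected branch without review: scope it to this one repository and to the contents and pull request permissions only, and keep the commit limited to package-lock.json as the workflow does.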