Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable dependabot updates on a weekly basis #893

Merged
merged 4 commits into from
Dec 5, 2023

Conversation

SimonMarquis
Copy link
Contributor

@SimonMarquis SimonMarquis commented Aug 11, 2023

  • using the version update label for Gradle updates
  • grouping Kotlin, KSP, and Compose compiler
  • on a weekly basis

ℹ️ General Availability of grouped updates


  • Revoke Renovate authorization on the project "settings" page

@JoseAlcerreca
Copy link
Contributor

@JoseAlcerreca
Copy link
Contributor

Ok in that case kotlin, Compose compiler and KSP should be grouped.

https://github.com/android/architecture-templates/blob/main/renovate.json

Also, daily would probably be overwhelming. I'd start with weekly.

@SimonMarquis
Copy link
Contributor Author

I'll update this PR to reflect these groups

@SimonMarquis SimonMarquis changed the title Enable dependabot updates on a daily basis Enable dependabot updates on a weekly basis Aug 24, 2023
@JoseAlcerreca
Copy link
Contributor

I haven't used dependabot yet but this LGTM

@SimonMarquis
Copy link
Contributor Author

FWIW, here is an example of grouped update with dependabot: SimonMarquis/SealedObjectInstances#136

@SimonMarquis SimonMarquis marked this pull request as ready for review September 20, 2023 15:38
@SimonMarquis
Copy link
Contributor Author

SimonMarquis commented Nov 7, 2023

🔔 @dturner @JoseAlcerreca @alexvanyo (sorry for the ping 🙈)

What is the current status of this PR? It could prevent the need to manually create PRs like in these recent ones:

If we want to stick with the third party @renovate-bot, I'm fine with it (even though I kind of dislike the fact to give write permissions to a third party), but then we should allow independent updates. Because right now, it is configured to bundle all updates at the same time, and prevents us to easily update -and test- dependencies atomically.

@SimonMarquis
Copy link
Contributor Author

PTAL 🔔 @dturner @JoseAlcerreca @alexvanyo

Sorry for the 2nd ping, but it's been almost 4 months 🙈, any comment on this? 🙂

@SimonMarquis SimonMarquis mentioned this pull request Dec 2, 2023
@jdkoren jdkoren self-assigned this Dec 4, 2023
Copy link
Contributor

@jdkoren jdkoren left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, will also check with @JoseAlcerreca

Copy link
Contributor

@JoseAlcerreca JoseAlcerreca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok let's try dependabot

@jdkoren jdkoren merged commit b39f3f3 into android:main Dec 5, 2023
@SimonMarquis SimonMarquis deleted the dependabot branch December 6, 2023 07:28
@SimonMarquis
Copy link
Contributor Author

😎 Awesome! Now we need to find a process to validate these reviews in a timely manner.

I'd love to be able to approve them, but it would require you to give more permissions to individual users. Not sure if this is something you are willing to do.

We could also try to auto-approve and merge all patches/minor updates if the CI does not fail.

@lihenggui
Copy link
Contributor

@dturner dturner mentioned this pull request Dec 21, 2023
1 task
@dturner
Copy link
Collaborator

dturner commented Dec 22, 2023

@SimonMarquis Yeah, completely understand that it can be frustrating to have PRs sat for months without being reviewed/merged. We have a mandate to ensure that the app shows best practices and that can lead to lengthy internal discussions, or worse no discussions because people don't have the bandwidth to discuss or review.

I'll investigate whether we can grant certain approval permissions to external contributors to speed things up.

@jdkoren Please could you investigate #893 (comment)

@SimonMarquis
Copy link
Contributor Author

Regarding spotless/ktlint versions, they are currently part of an init script, and therefore can't access the main version catalog.

Possible solutions:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants