Support multiple directories to bump the same package across dependency files #3856

Closed
foolip opened this issue Jun 7, 2021 · 3 comments
Labels
F: grouped-updates 🎳 (Relates to bumping more than one dependency in a single PR)
F: monorepo 📦 (Issues related to bumping a dep in manifests from multiple apps)
T: feature-request (Requests for new features)
Workaround 🔁 (Workaround for an upstream bug or unsupported feature)

Comments

@foolip

foolip commented Jun 7, 2021

In https://github.com/web-platform-tests/wpt we track Python dependencies with a number of files named requirements_*.txt across directories, since the project is used in a number of different contexts (mostly browser engines like Chromium, Gecko and WebKit) where only a subset of the dependencies are needed.

We switched from pyup to Dependabot in web-platform-tests/wpt#29161, and quickly found that Dependabot is creating separate pull requests for the same dependency across files, for example web-platform-tests/wpt#29223 + web-platform-tests/wpt#29227 or web-platform-tests/wpt#29219 + web-platform-tests/wpt#29224 + web-platform-tests/wpt#29225.

We want those dependencies to stay in sync, so it would be much better if they were updated together. Unfortunately, there doesn't seem to be a way to specify multiple directories. This was the state of our config when the PRs were created:
https://github.com/web-platform-tests/wpt/blob/f44fd9953ebdbe8ef90ddf3bae8daaaa0173a92c/.github/dependabot.yml

Note that this is not the same request as #2178; wildcards would not help us since there's no pattern that would match everything we want to update and still exclude all the things we don't want to touch (third party code).

@mwaddell
Contributor

Solving this in a more general way is a bit beyond Dependabot's scope. However, you should be able to solve this with a custom GitHub workflow. You would create an action that runs whenever a new PR is created by Dependabot and it uses github-script to locate instances of the same dependency in other locations across your repo and then merges the changes from the new PR into the existing one and closes this new PR with a comment referring to the other PR.
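
The "locate instances of the same dependency in other locations" step from the comment above, as an added example that is not part of the original thread or Dependabot's code: a check a workflow could run to flag a package pinned at different versions across requirements files, so one context is not left behind on an unpatched release. The file paths and contents are constructed sample input, and only `==` pins are considered (an assumption).

```python
import re
from collections import defaultdict

# Matches "name==version", allowing extras, environment markers and trailing comments.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")

def normalize(name):
    """PEP 503 name normalization, so 'Flask_Cors' and 'flask-cors' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_pins(text):
    """Return {normalized_name: version} for every '==' pin in one requirements file."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and option lines (-r, -c, --hash continuation lines).
        if not line or line.startswith(("#", "-")):
            continue
        m = PIN_RE.match(line)
        if m:
            pins[normalize(m.group(1))] = m.group(2)
    return pins

def find_drift(files):
    """files: {path: contents}. Return {package: {version: [paths]}} where pins disagree."""
    seen = defaultdict(lambda: defaultdict(list))
    for path, text in files.items():
        for name, version in parse_pins(text).items():
            seen[name][version].append(path)
    return {n: {v: sorted(p) for v, p in vs.items()}
            for n, vs in seen.items() if len(vs) > 1}

# Constructed sample input: hypothetical paths and contents, not taken from any real repo.
SAMPLE = {
    "app_a/requirements_tests.txt": "pytest==6.2.4\nrequests==2.25.1  # http client\n",
    "app_b/requirements.txt": "Requests==2.26.0\nhtml5lib==1.1\n",
    "app_c/requirements_lint.txt": "# linters\nflake8==3.9.2\npytest==6.2.4 ; python_version >= '3'\n",
}

if __name__ == "__main__":
    drift = find_drift(SAMPLE)
    for pkg, versions in sorted(drift.items()):
        print(f"{pkg}: {versions}")
    # A non-zero exit fails the CI job when any package is out of sync.
    raise SystemExit(1 if drift else 0)
```

In a real workflow, `files` would be built by reading the listed requirements files from the checkout instead of the inline sample.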

@jeffwidman added the F: grouped-updates 🎳, Workaround 🔁 and F: monorepo 📦 labels Feb 5, 2023
@jeffwidman
Member

This is a monorepo specific problem, so is tricky because some users want us to bump a dep across all apps/libraries in the monorepo, and others want us to only bump in one specific place at a time.

So if we added support for this, we'd need to ensure it was configurable. For now, I created the F: monorepo label so we can track the monorepo-related feedback together and added this to it.

@jeffwidman
Member

Actually, this is a duplicate of:

So follow/upvote that for updates.

@jeffwidman closed this as not planned Feb 10, 2023