Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: configured auto-approve & auto-merge for dependabot #23

Merged
merged 1 commit into from
Jan 27, 2024
Merged

ci: configured auto-approve & auto-merge for dependabot #23

merged 1 commit into from
Jan 27, 2024

Conversation

fredbi
Copy link
Member

@fredbi fredbi commented Jan 25, 2024
edited
Loading

  • All groups are checked once a week and each produce at most 1 PR.
  • All dependabot PRs are auto-approved

Caveats:

  • this requires auto-merge to be enabled in the repository settings
    [done]
  • this requires all desired tests to be required in the branch
    protection rule [done]

  • package-ecosystem: "github-actions"

    1. development-dependencies are auto-merged

  • package-ecosystem: "gomod"
    We define 4 groups of dependencies to regroup update pull requests:

    • development (e.g. test dependencies)
    • go-openapi updates
    • golang.org (e.g. golang.org/x/... packages)
    • other dependencies (direct or indirect)

    Auto-merging policy, when requirements are met:

    1. development-dependencies are auto-merged
    2. golang.org-dependencies are auto-merged
    3. go-openapi patch updates are auto-merged. Minor/major version updates require a manual merge.
    4. other dependencies require a manual merge

Signed-off-by: Frederic BIDON [email protected]

@fredbi fredbi force-pushed the ci/automerge-wekly-dependabot branch from c0ee947 to d19607c Compare January 25, 2024 16:14
@codecov Codecov
Copy link

codecov bot commented Jan 25, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (6f774b2) 70.50% compared to head (5f57e75) 70.50%.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master      #23   +/-   ##
=======================================
  Coverage   70.50%   70.50%           
=======================================
  Files           1        1           
  Lines         339      339           
=======================================
  Hits          239      239           
  Misses         75       75           
  Partials       25       25
Flag Coverage Δ
oldstable 70.50% <ø> (ø)
stable 70.50% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@fredbi fredbi changed the title Ci/automerge weekly dependabot ci: configured auto-approve & auto-merge for dependabot Jan 25, 2024
@fredbi
Copy link
Member Author

fredbi commented Jan 25, 2024

This has been tested successfully on my fork.

@fredbi
Copy link
Member Author

fredbi commented Jan 25, 2024

NOTE: I've inspected Renovate too and it does about the same thing. Renovate is not really easier to configure for golang (but hey there is a "go-openapi" standard preset !) and dependant comes natively integrated with github. dependabot seems good enough for the go-openapi packages.
I hope that the one-a-week update periodicity is good enough. Please let me know if in your opinion, this is enough noise-reduction to keep dependencies up to date, and I'll generalize to other go-openapi repos.

@fredbi
ci: configured auto-approve & auto-merge for dependabot
5f57e75 
* All groups are checked once a week and each produce at most 1 PR.
* All dependabot PRs are auto-approved

Caveats:
* this requires auto-merge to be enabled in the repository settings
  [done]
* this requires all desired tests to be required in the branch
  protection rule [done]

- package-ecosystem: "github-actions"
    # 1. development-dependencies are auto-merged

- package-ecosystem: "gomod"
    # We define 4 groups of dependencies to regroup update pull requests:
    # - development (e.g. test dependencies)
    # - go-openapi updates
    # - golang.org (e.g. golang.org/x/... packages)
    # - other dependencies (direct or indirect)
    #
    #
    # Auto-merging policy, when requirements are met:
    # 1. development-dependencies are auto-merged
    # 2. golang.org-dependencies are auto-merged
    # 3. go-openapi patch updates are auto-merged. Minor/major version updates require a manual merge.
    # 4. other dependencies require a manual merge

Signed-off-by: Frederic BIDON <[email protected]>
@fredbi fredbi force-pushed the ci/automerge-wekly-dependabot branch from d19607c to 5f57e75 Compare January 27, 2024 06:44
@fredbi fredbi merged commit 60c301f into go-openapi:master Jan 27, 2024
11 checks passed
@fredbi fredbi deleted the ci/automerge-wekly-dependabot branch January 27, 2024 16:57
@fredbi fredbi mentioned this pull request Jan 31, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@youyuanwu youyuanwu youyuanwu approved these changes

@casualjim casualjim Awaiting requested review from casualjim

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fredbi @youyuanwu