Manage AWS SDK(s) version with Dependabot #39738
This pull request does not have a backport label.
To fixup this pull request, you need to add the backport labels for the needed
The following dependencies are AWS-related, but I'm not sure they depend on the AWS SDK.
Pinging @elastic/obs-ds-hosted-services (Team:obs-ds-hosted-services)
github.com/awslabs/goformation/v4, github.com/aws/smithy-go, and github.com/aws/aws-lambda-go do not directly depend on the AWS SDK. github.com/awslabs/kinesis-aggregation depends on
It seems Functionbeat only uses this package to reference the
Functionbeat is also using the deaggregator: https://github.com/elastic/beats/blob/main/x-pack/functionbeat/provider/aws/aws/transformer/transformer.go#L18
Oh, good catch! It seems the awslabs/kinesis-aggregation/blob/master/go/deaggregator/deaggregator.go only uses the We can probably initially focus on the AWS SDK only (
We need to revise this PR after merging #40125
904d116 to 2c0520b
LGTM (CI is green)
I am waiting for #40150 to merge before rebasing on it.
2c0520b to 216a477
I rebased on @rowlandgeoff, would you mind taking a final look at the AWS config?
Not sure if it's important, but we also use
@@ -45,6 +47,9 @@ updates: | |||
- dependency-name: cloud.google.com/go/* | |||
groups: | |||
# Cloud providers' SDK dependencies | |||
aws-sdks: | |||
patterns: | |||
- "github.com/aws/aws-sdk-go-v2/*" |
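Review bot: on the last added line, the pattern "github.com/aws/aws-sdk-go-v2/*" ends in /*, so please confirm that it also matches the root module path github.com/aws/aws-sdk-go-v2, which has no trailing segment. If it does not, the core module would get its own update PR outside the aws-sdks group, separate from the service modules. Adding the bare module path as a second entry under patterns would remove the ambiguity.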
Should we add github.com/aws/aws-lambda-go, github.com/aws/smithy-go and similar libs?
Yep, it makes sense! I created separate PRs to facilitate this kind of conversation.
Do we want to group these libraries in the AWS SDK (also adding to groups.aws-sdks.patterns), or is it better to keep them separate (by only including them in the allows list)?
We grouped all the AWS SDK in a group with the github.com/aws/aws-sdk-go-v2/* pattern to avoid dependency problems like #39454 (a PR accidentally upgraded only the core library, breaking main).
I suggest adding github.com/aws/aws-lambda-go and github.com/aws/smithy-go as dependencies to check if we are unsure. We can still add them later to the group.
Happy to help if you need to be unblocked, but will defer to engineers closer to the code. Based on the comments, looks like sign-off will wait for now.
Yeah, @rowlandgeoff sorry for the ping. The conversation got a new (and welcome) life right after I mentioned you. I'll request a new review when we complete the changes.
Adding the following dependencies:
- github.com/aws/aws-lambda-go
- github.com/aws/smithy-go
@rowlandgeoff, I guess we're now ready for your review. We can make additional changes in future PRs as needed.
LGTM, but I will defer to @dliappis since he's back from PTO
Thanks! @dliappis, waiting for your feedback before merging the PR, then! 😇
LGTM still from an eng prod PoV
Proposed commit message
Set up Dependabot to manage the AWS SDK version.
With the current reactive and manual process, our dependencies are often outdated. To release a bugfix to a dependency, we need to wait for the following stack release instead of merging it shortly after it's available from AWS.
See #39492 to learn more.
Checklist
- My code follows the style guidelines of this project
- I have commented my code, particularly in hard-to-understand areas
- I have made corresponding changes to the documentation
- I have made corresponding change to the default configuration files
- I have added tests that prove my fix is effective or that my feature works
- I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.
Related issues