ci: Changes for dependabot to be well-behaved
#1165
Conversation
orpheuslummis
added
the
ci/build
|
thought: I wonder if it is worth keeping the 60 limit for anything that isn't created by dependabot (I dont know what our detection options here are like, could perhaps allow 75 if the title contains |
orpheuslummis
changed the title
dependabot to be well-behaved (PR titles, weekly rhythm, ...)
orpheuslummis
changed the title
dependabot to be well-behaved (PR titles, weekly rhythm, ...)dependabot to be well-behaved
orpheuslummis
added
the
action/no-benchmark
"Validate that the last character is a lower case alphabet or a number character."
|
question: If we do weekly over daily, wouldn't that mean we will then get a bulk of dependabot PRs open together that we will have to deal with rather than taking care of them as they occur? question: What if dependabot PR title is bigger than 75? thought: IMO the commit title limit is there to serve a purpose that is also relevant to dependabot PRs. The commit title limit is a git wide convention to ensure tidy/concise titles that don't make the history/UI/etc. messy. To make the limit longer/break a git wide convention doesn't seem like the best route IMO. So far all dependabot PRs titles when I trimmed the thought: I am unsure if we should introduce a new label |
|
IMO weekly spam is better than daily spam. Dependabot PR titles should skip the PR title check with this. What alternative would be better than 'deps'? Keep in mind the list might be in the dozens of dependency updates within a major release potentially ... |
I'm quite alright with us so long as we use a special prefix for it (like |
I think In that case, for these bot-like/autogen tools may I suggest the label |
|
There is another issue with skipping the title validation step completely. if dependabot opens a pr with Would suggest to change Then would ask you to also update the tests here to reflect the change and ensure the new label is valid now (after you add the new label): Can run the tests with: |
It seems useful to distinguish between chores and dependency updates especially because with the use of dependabot there might be a lot of dependency updates within a major release. This way, a user can see what 'chores' were applied to the repo, and see the list of updated dependencies as two separate lists. |
| # In case the title is known to be from dependabot, then we skip the length-related title validation. | ||
| if [[ "${TITLE}" == *"Bump"* ]]; then | ||
| printf "Info: Title is from dependabot, skipping length-related title validation.\n"; | ||
| IS_DEPENDABOT=true; | ||
| fi |
There was a problem hiding this comment.
todo: Suggest another way to detect that this is a dependabot title (use the a unique bot label for all bot stuff?).
Otherwise the way it currently stands if anyone opens a PR with Bump in the title it will be automatically detected as if its a dependabot PR.
|
@orpheuslummis Left a todo, but will highly suggest to have a unique label to detect the type of this auto-gen Also not sure how I feel about |
Codecov Report
@@ Coverage Diff @@
## develop #1165 +/- ##
===========================================
+ Coverage 68.53% 68.59% +0.05%
===========================================
Files 180 180
Lines 17046 17046
===========================================
+ Hits 11683 11692 +9
+ Misses 4401 4394 -7
+ Partials 962 960 -2 |
|
Also heads up the PR description is somewhat outdated now. |
|
@orpheuslummis use rebase instead of merge next time, please. |
why? |
We decided to go for the rebase dev flow as a team to avoid messy history for reviewers with having develop merges into your branch |
I dont think this should be forced upon anyone, as we are squashing into develop it doesnt matter outside the context of the PR. I think rebase is always cleaner and should be the 'default' go-to, but a lot of the time it doesnt matter anyway because the commits are not clean or the PR is very small. If a large PR gets very messy commit wise it can be a royal pain to rebase anyway, and I definitely don't think we should that on anyone (such a rebase can also feel very risky to some). IMO rebase is prefered, and to be considered 'considerate' towards reviewers who may wish to review commit-by-commit, but not mandatory. |
|
Thanks for this exchange. Ideally we can have a brief update of the contributing document soon including guidelines like this and further feedback on it. |
- dependabot PRs are prefixed by `bot`, and their PR title length is not checked - dependabot runs weekly - changelog generation configuration is updated to include a `bot` category
- dependabot PRs are prefixed by `bot`, and their PR title length is not checked - dependabot runs weekly - changelog generation configuration is updated to include a `bot` category
Relevant issue(s)
Resolves #1147 #1167
Description
UPDATE: changed this PR to instead be tackling the 'dependabot problem' directly
Problem:
dependabotneeds a few more things to work well for the project: less PR spam, CI checks, relation between changelog and bot.Solution:
bot, and their PR title length is not checkedbotcategoryaddendum: I also recommend including in the release a step that updates dependencies, in case there's a last minute (security) fix. Adding this as a note to our private release process document.
Tasks
How has this been tested?
CI runs