Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: Enable dependabot #1120

Merged
merged 2 commits into from
Feb 21, 2023
Merged

chore: Enable dependabot #1120

merged 2 commits into from
Feb 21, 2023

Conversation

orpheuslummis
Copy link
Contributor

@orpheuslummis orpheuslummis commented Feb 20, 2023
edited
Loading

Relevant issue(s)

Resolves #320

Description

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates

Tasks

  • I made sure the code is well commented, particularly hard-to-understand areas.
  • I made sure the repository-held documentation is changed accordingly.
  • I made sure the pull request title adheres to the conventional commit style (the subset used in the project can be found in tools/configs/chglog/config.yml).
  • I made sure to discuss its limitations such as threats to validity, vulnerability to mistake and misuse, robustness to invalidation of assumptions, resource requirements, ...

How has this been tested?

TBD

@orpheuslummis orpheuslummis requested a review from a team February 20, 2023 14:21
@orpheuslummis orpheuslummis self-assigned this Feb 20, 2023
@orpheuslummis orpheuslummis added ci/build This is issue is about the build or CI system, and the administration of it. security Related to security dependencies Related to dependencies labels Feb 20, 2023
@orpheuslummis orpheuslummis added this to the DefraDB v0.5 milestone Feb 20, 2023
@orpheuslummis orpheuslummis added the action/no-benchmark Skips the action that runs the benchmark. label Feb 20, 2023
@codecov
Copy link

codecov bot commented Feb 20, 2023
edited
Loading

Codecov Report

Merging #1120 (0118329) into develop (b6f4743) will decrease coverage by 0.01%.
The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop    #1120      +/-   ##
===========================================
- Coverage    67.80%   67.80%   -0.01%     
===========================================
  Files          181      181              
  Lines        16551    16551              
===========================================
- Hits         11223    11222       -1     
- Misses        4389     4390       +1     
  Partials       939      939
Impacted Files Coverage Δ
datastore/badger/v3/datastore.go 38.63% <0.00%> (-0.49%) ⬇️
datastore/memory/memory.go 88.73% <0.00%> (+0.93%) ⬆️

@source-devs
Copy link

Benchmark Results

Summary

  • 0 Benchmarks successfully compared.
  • 0 Benchmarks were ✅ Better.
  • 0 Benchmarks were ❌ Worse .
  • 0 Benchmarks were ✨ Unchanged.
✅ See Better Results...
time/opdelta
 
❌ See Worse Results...
time/opdelta
 
✨ See Unchanged Results...
time/opdelta
 
🐋 See Full Results...

fredcarle
fredcarle approved these changes Feb 20, 2023
View reviewed changes
Copy link
Collaborator

@fredcarle fredcarle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I look forward to seeing how this will behave over time.

@orpheuslummis
Copy link
Contributor Author

I'm still a bit unsure about this part.

    commit-message:
      prefix: "deps"

@shahzadlone
Copy link
Member

shahzadlone commented Feb 20, 2023
edited by fredcarle
Loading

I'm still a bit unsure about this part.

    commit-message:
      prefix: "deps"

Will dependabot open pull requests? If so, then the workflows will trigger and fail.

@fredcarle
Copy link
Collaborator

Will dependabot open pull requests? If so, then the workflows will trigger and fail.

Why would it fail? because of the title?

@orpheuslummis
Copy link
Contributor Author

Dependabot will open PRs.

I don't know if it should be

    commit-message:
      prefix: "deps"

or

    commit-message:
      prefix: "deps:"

@shahzadlone
Copy link
Member

Will dependabot open pull requests? If so, then the workflows will trigger and fail.

Why would it fail? because of the title?

Yes.

@shahzadlone
Copy link
Member

Dependabot will open PRs.

I don't know if it should be

    commit-message:
      prefix: "deps"

or

    commit-message:
      prefix: "deps:"

Will respond in a few hours.

@shahzadlone
Copy link
Member

Would suggest for now perhaps just setting it to chore maybe? so we can test it out for now without dealing with a failing action. Can add a new label if we want later. Especially once we reach a consensus on the commit label style for ignoring from git-log like this chore(ignore) or chore(-). Because these I believe should be all ignored commits.

You don't need to specify a :. Here is the relevant text from the resource I shared below (is a good read @orpheuslummis).

prefix specifies a prefix for all commit messages. When you specify a prefix for commit messages, GitHub will automatically add a colon between the defined prefix and the commit message provided the defined prefix ends with a letter, number, closing parenthesis, or closing bracket. This means that, for example, if you end the prefix with a whitespace, there will be no colon added between the prefix and the commit message. The code snippet below provides examples of both in the same configuration file.

Resource: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#commit-message

@orpheuslummis
Copy link
Contributor Author

@shahzadlone oops, I should've RTFM - thank you :)

Setting it chore. I'd be in favor of deps(ignore) for extra explicit clarity.

@orpheuslummis orpheuslummis merged commit 710ce85 into develop Feb 21, 2023
@orpheuslummis orpheuslummis deleted the orpheus/chore/dependabot branch February 21, 2023 18:23
shahzadlone pushed a commit that referenced this pull request Apr 13, 2023
@orpheuslummis @shahzadlone
chore: Enable dependabot (#1120)
b7114e9
shahzadlone pushed a commit to shahzadlone/defradb that referenced this pull request Feb 23, 2024
@orpheuslummis
chore: Enable dependabot (sourcenetwork#1120)
28919b3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fredcarle fredcarle fredcarle approved these changes

Assignees

@orpheuslummis orpheuslummis

Labels
action/no-benchmark Skips the action that runs the benchmark. ci/build This is issue is about the build or CI system, and the administration of it. dependencies Related to dependencies security Related to security
Projects
None yet
Milestone
DefraDB v0.5
Development

Successfully merging this pull request may close these issues.

Use dependabot
4 participants
@orpheuslummis @source-devs @shahzadlone @fredcarle