Skip to content

Group dependabot updates #126

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 28, 2023
Merged

Group dependabot updates #126

merged 4 commits into from
Aug 28, 2023

Conversation

@llucax
Copy link
Contributor

@llucax llucax commented Aug 28, 2023
edited
Loading

We group production and development ("optional" in the context of pyproject.toml) dependency updates when they are patch and minor updates,so we end up with less PRs being generated.

Major updates are still managed, but they'll create one PR per dependency, as major updates are expected to be breaking, it is better to manage them individually.

Also change dependabot frequency to weekly, as security updates are handled separately, there is no urgency for having other updates so often.

llucax added 2 commits August 28, 2023 09:56
@llucax
Workaround mkdocstrings bug
973c299 
With griffe 0.35.0 (used by mkdocstrings), this line started to fail
with an error `Empty modules section at line ...`.

For now we are just working around it until the bug is fixed. See:
mkdocstrings/griffe#204

Signed-off-by: Leandro Lucarella <[email protected]>
@llucax
Change dependabot frequency to weekly
bde30ab 
Security updates are already covered separately from these updates, so
there is no urgency in other updates, and having them checked daily is
a bit too distracting because it generates a considerable amount of PRs.

Signed-off-by: Leandro Lucarella <[email protected]>
@llucax llucax requested a review from a team as a code owner August 28, 2023 07:58
@llucax llucax self-assigned this Aug 28, 2023
@llucax llucax added this to the v0.6.0 milestone Aug 28, 2023
@llucax llucax force-pushed the dependabot-groups branch from 8ff29aa to ca30850 Compare August 28, 2023 08:02
@llucax llucax added part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) part:cookiecutter Affects the generation of projects using cookiecutter part:ci Affects the GitHub workflow and other parts for running CI labels Aug 28, 2023
Marenz
Marenz reviewed Aug 28, 2023
View reviewed changes
.github/dependabot.yml Outdated
# pyproject.toml) dependency updates when they are patch and minor updates,
# so we end up with less PRs being generated.
# Major updates are still managed, but they'll create one PR per
# dependency, as major updates are expected to be braking, it is better to
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

braking -> breaking

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same in the commit msg

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

.. and every other copy of that text 😆

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It brakes the update... :P

Marenz
Marenz requested changes Aug 28, 2023
View reviewed changes
Copy link
Contributor

@Marenz Marenz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems you need to use the brakes more when typing "break"

llucax added 2 commits August 28, 2023 10:41
@llucax
Group dependabot dependency updates
b1ec643 
We group production and development ("optional" in the context of
pyproject.toml) dependency updates when they are patch and minor
updates,so we end up with less PRs being generated.

Major updates are still managed, but they'll create one PR per
dependency, as major updates are expected to be breaking, it is better
to manage them individually.

Signed-off-by: Leandro Lucarella <[email protected]>
@llucax
Update release notes
e134db0 
Signed-off-by: Leandro Lucarella <[email protected]>
@llucax llucax force-pushed the dependabot-groups branch from ca30850 to e134db0 Compare August 28, 2023 08:41
@github-actions github-actions bot removed part:ci Affects the GitHub workflow and other parts for running CI part:cookiecutter Affects the generation of projects using cookiecutter part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) labels Aug 28, 2023
@llucax
Copy link
Contributor Author

llucax commented Aug 28, 2023

Updated to fix braking in the:

  • PR description
  • Commit message
  • Project's github workflow
  • Template workflow
  • Tests golden files

😓

@llucax llucax requested a review from Marenz August 28, 2023 08:42
@llucax llucax enabled auto-merge August 28, 2023 08:43
@llucax
Copy link
Contributor Author

llucax commented Aug 28, 2023

Enabling auto-merge.

@llucax llucax added this pull request to the merge queue Aug 28, 2023
Merged via the queue into frequenz-floss:v0.x.x with commit 3043462 Aug 28, 2023
@llucax llucax deleted the dependabot-groups branch August 28, 2023 09:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Marenz Marenz Marenz approved these changes

@matthias-wende-frequenz matthias-wende-frequenz Awaiting requested review from matthias-wende-frequenz matthias-wende-frequenz is a code owner automatically assigned from frequenz-floss/python-sdk-team

Assignees

@llucax llucax

Labels

None yet

Projects

Python SDK Roadmap
Status: Done

Milestone

v0.6.0

Development

Successfully merging this pull request may close these issues.

2 participants

@llucax @Marenz