Skip to content

Add a check for dependabot PR updating guest or common lib dependencies #154

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 30, 2025
Merged

Add a check for dependabot PR updating guest or common lib dependencies #154

merged 1 commit into from
Jan 30, 2025

Conversation

@simongdavies
Copy link
Contributor

We have a check in the PR workflow to ensure that Cargo.lock files are up to date as a part of any PR. This works fine for most scenarios but when dependabot updates depdendencies in either hyperlight_common or hyperlight_guest this may make the Cargo.lock file out of date for the simpleguest and callbackguest test guest binaries.

See #148 for an example of this.

This PR updates the PR workflow to update those files if there are dependabot changes to the dependencies in either of those crates.

@simongdavies simongdavies added the area/dependencies Concerns dependencies or related components label Jan 21, 2025
@simongdavies simongdavies mentioned this pull request Jan 21, 2025
Closed
@ludfjig
Copy link
Contributor

ludfjig commented Jan 22, 2025
edited
Loading

I suspect if we add the directory of simpleguest to dependabot.yml, it would update those cargo.toml as well, and we should be fine. It might be an easier solution that this. I'm thinking replace

  - package-ecosystem: "cargo"
    directory: "/"
    schedule:
      interval: "daily"

with

  - package-ecosystem: "cargo"
    directory: ["/", "src/tests/rust_guests/simpleguest"]
    schedule:
      interval: "daily"

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#directories-or-directory--

It might be worth a try anyway?

@simongdavies
Copy link
Contributor Author

It might be worth a try anyway?

Yes , definitely, I will close this one and open a new one with your suggestion, if it doesnt work we can aways re-open this

@simongdavies simongdavies mentioned this pull request Jan 27, 2025
Merged
@simongdavies simongdavies reopened this Jan 30, 2025
@simongdavies
Copy link
Contributor Author

since #212 and #210 are failing for same reason so it looks like #163 did not work

ludfjig
ludfjig approved these changes Jan 30, 2025
View reviewed changes
Copy link
Contributor

@ludfjig ludfjig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! I'm sad the other way didn't work :/

@simongdavies simongdavies merged commit 9fa91ae into hyperlight-dev:main Jan 30, 2025
21 checks passed
This was referenced Jan 30, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ludfjig ludfjig ludfjig approved these changes

@dblnz dblnz dblnz approved these changes

Assignees

No one assigned

Labels

area/dependencies Concerns dependencies or related components

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@simongdavies @ludfjig @dblnz