Proposal: Use dependabot to keep up to date with dependencies #1348

@HonkingGoose

Hi all from the Pro Git 2 team.

I noticed that @aollier is busy updating the Ruby gems manually (#1347). Now this is good, but we can also partly automate this work.

Using Dependabot will make keeping track of dependencies a lot easier.
To demonstrate how this might work for you, I've already set up Dependabot on my fork, so that you can look at it:

The pull-request that Dependabot makes can be viewed here:
https://github.com/HonkingGoose/progit2/pulls

The configuration that I used to get this working can be viewed here:
https://github.com/HonkingGoose/progit2/tree/dependabot_setup/.dependabot

The way it works is:

  1. Dependabot scans for outdated packages on a daily basis.
  2. When Dependabot finds outdated packages, it will open a pull request.
  3. The "reviewer" then manually checks out the branch that Dependabot has made, and runs the tests, and manually verifies things are okay.
  4. The "reviewer" then rebases the Dependabot update on top of master.
  5. Done.

I would be more than happy to help you guys get set up.
If using Dependabot is something that you would like, I will make a pull-request that's tailored to your requirements.

Greetings,

HonkingGoose
