Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dependabot PRs not updating pnpm-lock.yaml #790

Open
thehenrytsai opened this issue Jul 23, 2024 · 1 comment
Open

dependabot PRs not updating pnpm-lock.yaml #790

thehenrytsai opened this issue Jul 23, 2024 · 1 comment
Assignees

Comments

@thehenrytsai
Copy link
Member

dependabot PRs currently do not include pnpm-lock.yaml, upon the PR merged, the release workflow runs pnpm install --frozen-lockfile which expects the pnpm-lock.yaml to be up-to-date (not allowed to change), but since it is not, the workflow fails.

Some possible solutions:

  1. Update dependabot to include pnpm-lock.yaml
  2. Update release workflow to allow pnpm-lock.yaml to be modified.
  3. Remove dependabot (not ideal because we introduced it for another reason: we depended on obsolete dependencies and were pinged by tbdex team)
@shamilovtim
Copy link
Contributor

I vote to turn off Dependabot. It has been a burden, caused version discrepancies between dwn-sdk-js and web5-js, wasted CI cycles, and is generally annoying. I'm happy to handle dependency upgrades manually. I wasn't aware we had a mandate for doing so and it's not difficult to handle manually.

@shamilovtim shamilovtim moved this to Needs Discussion in Web5 Roadmap Aug 10, 2024
@shamilovtim shamilovtim self-assigned this Aug 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: Needs Discussion
Development

No branches or pull requests

2 participants