[Internal] Group Dependabot pull requests #2639
Replies: 1 comment 1 reply
-
|
It's certainly annoying to have one PR per update, when there's a bunch of them. I approved 4 or 5 yesterday, and now I see there are 5 more today. A weekly (at most) update with grouped PRs seems like it would be much more manageable. I'm not all that worried about the case where we have to track down which individual update caused a failure. Update failures have been pretty rare, and it will probably be straightforward to see what the cause is even if there are several updates. At worst we can try applying the individual updates one at a time. Do you want to try updating |
Beta Was this translation helpful? Give feedback.
-
|
Have created #2641 for that |
Beta Was this translation helpful? Give feedback.
-
Currently Dependabot creates a separate pull request for each dependency update. As seen in the recent weeks this causes quite a lot of pull requests due to the large number of dependencies and plugins Gson uses (mainly for build and test setup).
However, Dependabot also supports grouping updates.
While that would not reduce the work for checking which changes the updates introduce, it would reduce the work for handling the pull requests, where currently you have to merge them one by one, and if necessary even request Dependabot to rebase them, which further increases the time needed.
The disadvantage with this is, that if something breaks due to a version update which updated multiple dependencies, you would have to manually check which is causing the issue.
What do you think about grouping Maven updates, and GitHub action updates and for example only running Dependabot monthly instead of daily or weekly?
Beta Was this translation helpful? Give feedback.
All reactions