Automated dependency updates #1283
Comments
|
Dependabot would only help with the Dockerfile, and perhaps with tools such as Packer and Ansible if we were to put those in a |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
/remove-lifecycle rotten |
k8s-ci-robot
removed
the
lifecycle/rotten
|
An idea that came from this Slack thread is to have a periodic job that fetches the latest URLs and also fetches the checksums and generates a PR with the changes. |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
I'd still like this eventually /remove-lifecycle rotten |
k8s-ci-robot
removed
the
lifecycle/rotten
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
/remove-lifecycle rotten |
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
/remove-lifecycle rotten |
k8s-ci-robot
added
lifecycle/frozen
We've had several PRs lately to bump versions of various dependencies that we've noticed have become several versions out of date. We tend to do this on an ad-hoc basis when we remember to or someone needs a new feature from a dependency.
Because of this, we often find out quite a bit later about breaking changes in dependencies that we then need to also resolve at the same time as trying to update everything.
To avoid this I think it would be useful to introduce automated dependency updates on the repo so that we get new PRs every time a new version of something is available and we can then test change version bump in isolation from any other changes.
I recommend using Renovate to handle this as its free for public repos and is extremely configurable. There are also alternatives such as Dependabot but I'm less familiar with those so couldn't say for sure if they meet all our requirements.
We have versions configured in several different places so we'd need a solution that could handle the following:
Ideally, we'd also need a solution that supported updating the associated SHA256 values as well as the version but as of now I'm not aware of any tools that can handle that. [Renovate feature request]
The text was updated successfully, but these errors were encountered: