-
Notifications
You must be signed in to change notification settings - Fork 964
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use grouped version updates for Dependabot #15909
Comments
Hi @shenxianpeng ! Thanks for the suggestion - as you can see, we use the Thanks for sharing the jenkinsci link - beyond that example, can you share your experience with grouped updates? Is the main issue here that you're receiving many notifications? That's something you can tailor on your end - wither by changing the Watching settings, or even applying an email filter. |
Hi @miketheman thanks for your reply! In my view, the main problem is that a large number of pull requests are created and closed for each bump. The more natural way would be to create a pull request with grouped updates and then review and merge them. Using the |
Hey @shenxianpeng ! Thanks for the perspective. I don't have time to tinker with this right now, but if you wanted to send a pull request with the desired changes, I'll gladly take a look. |
Yes. I will @miketheman |
After merging the changes, I've both seen the automatic job run as well as a manual trigger - and they both time out after ~1 hour. Individual updates take about ~3-4 minutes to run. Here's a docs section on timeouts and what to do for them: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/troubleshooting-dependabot-errors#dependabot-timed-out-during-its-update It may be best us to revert the changes for now and restore the manual combine job. |
Yes, agree. sorry for the inconvenience. I'll use the fork repository of warehouse to look at that later. |
This is a late update. From testing, Dependabot still cannot successfully update the Python dependencies of the warehouse click the log button will see |
What's the problem this feature will solve?
There are many pull requests for python dependency updates created by dependabot and then they are closed by
github/ composite-prs
, see #15907, and there are also a lot of notifications generated for watchers of the project.Describe the solution you'd like
It may be best to use grouped version updates for Dependabot
And it also be mentioned in the README page of combine-prs as above.
For example if use
groups
, it will be work like this: jenkinsci/kubernetes-operator#1004I see that
groups
seems to be used in dependabot.yml, but not for against all python dependencies, not sure why? and it doesn't seem to work. Maybe I'm mistaken.warehouse/.github/dependabot.yml
Line 21 in fd49325
The text was updated successfully, but these errors were encountered: