Hi Mike,
I can speak to the daffodil-vscode repo. I think once we clear this initial
backlog of dependency updates, we'll get much less bot PR spam (theoretically).
There is certainly value in dependabot and Scala steward and they are
currently set to run on Sundays, so we can start to clear the backlog on
Monday. What would help is if the bot PRs would run the CI workflows so we can
quickly assess those dependency updates that break the build or the tests.
Those PRs that pass CI can be more quickly reviewed and merged, and those that
don't will need some extra attention. My opinion is that weekly is fine for
now, but we can move to monthly if the bot backlogs continue to be substantial
after a few weeks of weekly updates.
-Davin
On 7/13/22, 4:02 PM, "Mike Beckerle" <mbecke...@apache.org> wrote:
Anybody else think the bot-based updates are far too frequent?
What if we restricted this to monthly?
I'd like to find out earlier about security-related issues, but otherwise,
I'd really like to see these things less often.
But I'm curious of others' view.
Message ID: <apache/daffodil/pull/814/review/1037753...@github.com>
-----------------------------------------------------------------
This message and any files transmitted within are intended
solely for the addressee or its representative and may contain
company proprietary information. If you are not the intended
recipient, notify the sender immediately and delete this
message. Publication, reproduction, forwarding, or content
disclosure is prohibited without the consent of the original
sender and may be unlawful.
Concurrent Technologies Corporation and its Affiliates.
www.ctc.com 1-800-282-4392
-----------------------------------------------------------------
