FYI: https://issues.apache.org/jira/browse/INFRA-19586
Regards. On 17/12/19 05:38, Misagh Moayyed wrote: > Sure, will do. Thanks everyone. > > --Misagh > > ----- Original Message ----- >> From: "Francesco Chicchiriccò" <ilgro...@apache.org> >> To: "dev" <dev@syncope.apache.org> >> Sent: Monday, December 16, 2019 12:22:45 PM >> Subject: Re: Automating Syncope's dependency updates >> Hi Misagh, >> it seems we have some consensus here, please go ahead and open an issue on >> >> https://issues.apache.org/jira/browse/INFRA >> >> about this topic, thanks. >> >> Regards. >> >> On 11/12/19 15:13, Francesco Chicchiriccò wrote: >>> Hi Misagh, >>> renovatebot looks interesting and worth at least to explore the possibility >>> to >>> add it at project's (rather than committer's level). >>> >>> +1 to go ahead and ask Infra team about it. >>> Regards. >>> >>> On 11/12/19 15:00, Misagh Moayyed wrote: >>>> Hey Team, >>>> >>>> I suspect most know about this sort of thing, but I thought to share this >>>> with >>>> you: >>>> https://github.com/renovatebot/renovate >>>> >>>> I think this is a useful tool to allow a Github project such as Syncope to >>>> automatically receive dependency updates and become self sufficient. It >>>> will >>>> attempt to parse the project's dependencies/pom and will then begin to >>>> issue >>>> pull requests with relevant updates. Its schedule, update policy and >>>> inclusion/exclusion rules can all be controlled via a .renovate JSON file. >>>> >>>> It can run in two ways: >>>> >>>> 1- As a GitHub app, which would be installed for the Apache org on Github >>>> and >>>> enabled for select repositories, such as Syncope. This option requires >>>> coordination/permission from Apache infra, and updates are then automatic. >>>> >>>> 2- As a CLI tool, where a committer's personal access token is passed as a >>>> command-line argument, and the tool can run as part of CI. This option >>>> probably >>>> does not require anything from Apache infra [?], and updates can be >>>> cancelled >>>> as part of the CI job that runs the tool. >>>> >>>> I am not sure what the CLA policy would be for bots; the second option >>>> probably >>>> [?] covers this, as PRs are issued on behalf of the committer whose AT is >>>> used. >>>> Either way, it seems like we need clarification from Apache infra. >>>> >>>> This is an example of a pull request by the bot: >>>> https://github.com/Jasig/uPortal/pull/1849 >>>> >>>> This is an example of the bot's JSON configuration file: >>>> https://github.com/Jasig/uPortal/blob/master/renovate.json >>>> >>>> How do you feel about this? Is this a good option to pursue and follow up? >>>> >>>> The bot also has the ability to rebase PRs, and can also take over the >>>> merging >>>> process automatically if CI passes or other rules allow. (At some point in >>>> the >>>> future, I think it will also gain the ability to travel back in time and >>>> kill >>>> Sarah Connor [1], but that has yet to be fully verified.) >>>> >>>> --Misagh >>>> >>>> [1] https://www.wikiwand.com/en/Sarah_Connor_(Terminator) >> -- >> Francesco Chicchiriccò >> >> Tirasa - Open Source Excellence >> http://www.tirasa.net/ >> >> Member at The Apache Software Foundation >> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail >> http://home.apache.org/~ilgrosso/ -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
