Re: [edk2-devel] [PATCH v1 1/1] .github/dependabot.yml: Enable dependabot

Thu, 10 Nov 2022 11:53:07 -0800 

Hi Mike,
One thing that comes to mind, is I can have the PR from dependabot automatically have a label added (e.g. "do-not-merge") and then update the mergify configuration to prevent merging of PRs with that label. 


I can also have a comment automatically added to the PR that explains it 
is only for reference.


I made this changes on my fork in the following commits. What do you think?

- Branch: https://github.com/makubacki/edk2/commits/enable_dependabot

- Commit 1: 
https://github.com/makubacki/edk2/commit/7c8331885a9e052084cfdb5d40c845a0efd77248
- Commit 2: 
https://github.com/makubacki/edk2/commit/48be17075903cfc5278fd9bb031b965954d15bbb


Thanks,
Michael

On 11/10/2022 11:44 AM, Michael D Kinney wrote:

Hi Michael,

Thanks.  This feature is really useful to help keep our dependencies up to date.

For the EDK II Development Process, the PRs produced by dependabot would only
be informative and would never be merged directly.  How do we mark these PRs
so they are never merged directly with a "push" label?

The EDK II Maintainers can monitor these PRs and when there is something that
needs to be updated, a developer can produce patches and send reviews
with required Signed-off-by and Reviewed-by tags in the commit message.

Thanks,

Mike


-----Original Message-----
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael Kubacki
Sent: Thursday, November 10, 2022 5:47 AM
To: devel@edk2.groups.io
Cc: Sean Brogan <sean.bro...@microsoft.com>; Kinney, Michael D 
<michael.d.kin...@intel.com>
Subject: [edk2-devel] [PATCH v1 1/1] .github/dependabot.yml: Enable dependabot

From: Michael Kubacki <michael.kuba...@microsoft.com>

Enables dependabot in this repo so we can better alerted when
dependency updates are available.

This GitHub action will automatically create pull requests and
summarize the dependency details. Because it is a pull request,
the CI system will validate the dependency update in the pull
request.

Configures dependabot for:

1. PIP module updates
2. Submodule updates
3. GitHub action updates

The maintainers/reviewers of the .github directory were added as
pull request reviewers so they can be notified when the pull request
is available.

Cc: Sean Brogan <sean.bro...@microsoft.com>
Cc: Michael D Kinney <michael.d.kin...@intel.com>
Signed-off-by: Michael Kubacki <michael.kuba...@microsoft.com>
---

Notes:
     An example of the pull requests created by this change
     are available on my edk2 fork:

     https://github.com/makubacki/edk2/pulls

  .github/dependabot.yml | 45 ++++++++++++++++++++
  1 file changed, 45 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000000..7f405721fd3d
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,45 @@
+## @file
+# Dependabot configuration file to enable GitHub services for managing and 
updating
+# dependencies.
+#
+# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+# Please see the documentation for all configuration options:
+# 
https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+##
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "pip"
+    reviewers:
+      - "makubacki"
+      - "mdkinney"
+      - "spbrogan"
+
+  - package-ecosystem: "gitsubmodule"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    commit-message:
+      prefix: "submodule"
+    reviewers:
+      - "makubacki"
+      - "mdkinney"
+      - "spbrogan"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    commit-message:
+      prefix: "GitHub Action"
+    reviewers:
+      - "makubacki"
+      - "mdkinney"
+      - "spbrogan"
--
2.28.0.windows.1



-=-=-=-=-=-=
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#96187): https://edk2.groups.io/g/devel/message/96187
Mute This Topic: https://groups.io/mt/94935824/1643496
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [michael.d.kin...@intel.com]
-=-=-=-=-=-=











-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#96207): https://edk2.groups.io/g/devel/message/96207
Mute This Topic: https://groups.io/mt/94935824/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
























					Reply via email to