Hi Gavin, we actually made that change in JCasC to prepare for https://github.com/jenkins-infra/plugin-site-api/pull/54 Good that dependabot is something you can depend on 😁
Original PR https://github.com/jenkinsci/configuration-as-code-plugin/pull/1004 On Tuesday, August 27, 2019 at 6:50:38 PM UTC+2, Gavin Mogan wrote: > > Hey Ya'll, > > tl;dr - Make sure project > scm > url is set to github, (example > https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/pom.xml#L41 > ) > > --- > > I thought I'd share my limited findings with all of your. A couple weeks > ago I contacted dependabot support to try and find out why some javascript > modules had changelogs/release notes mentioned. I got a bunch of good > responses back, and nudged them to document this info publicly. > > But for now, I share what I learned. > > Dependabot has a lot of open source code, including how it processes > module metadata. > > > https://github.com/dependabot/dependabot-core/blob/e654f214a932672d8ac0ea428ef9d672ac5bba33/maven/lib/dependabot/maven/metadata_finder.rb#L52 > > It loops through a bunch of properties inside the maven pom file, project > > url (which should point at wiki/plugins site for us), project > scm > url > (which right place to set it), and lastly project > issueManagement > url > (which probably defaults to jira) > > When that url is set right, dependabot knows where to pull information > from. See https://github.com/jenkinsci/ci.jenkins.io-runner/pull/192 as a > good example. > > It'll list the commits between tags. Release Notes if you use github > releases (release drafter makes that easy) and Changelog if it can find a > changelog file in the repo. I can go into more details about this if people > want. > > *But I strongly recommend at least setting up project > scm > url, and > either a changelog file, or preferably release notes for releases.* > > That'll make other plugin authors know if its worth upgrading/what > potentially might break when getting a dependabot PR. > > Thanks, > Gavin > > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/73df2ca3-23a2-4ec2-9af5-a34f9b1291e0%40googlegroups.com.
