Discussion has died down, I think the consensus is to use Dependabot. I
will proceed with allowing it access.
Thanks,
Matti
On 29/8/19 12:07 pm, Nathaniel Smith wrote:
AFAICT all these services work by creating branches inside your repo
and then making a PR from that – they don't make their own forks.
(Which makes some sense when you consider they would need tens of
thousands of forked epos for all the projects they work with.)
I don't think there's any need to worry about giving GitHub Inc. (dba
Dependabot) write permissions to a GitHub repo, though.
You do maybe want to set up CI so that it doesn't run on these
branches, since it will also run on the PRs, and running CI twice on
the same branch is slow and wasteful.
-n
On Thu, Aug 29, 2019, 01:45 Ryan May <rma...@gmail.com
<mailto:rma...@gmail.com>> wrote:
Hi,
The answer to why Dependabot needs write permission seems to be to
be able to work with private repos:
https://github.com/dependabot/feedback/issues/22
There doesn't seem to be any way around it... :(
Ryan
On Thu, Aug 29, 2019 at 12:04 AM Matti Picus
<matti.pi...@gmail.com <mailto:matti.pi...@gmail.com>> wrote:
In PR 14378 https://github.com/numpy/numpy/pull/14378 I moved
all our python test dependencies to a test_requirements.txt
file (for building numpy the only requirement is cython). This
is worthy since it unifies the different "pip install"
commands across the different CI systems we use. Additionally,
there are services that monitor the file and will issue a PR
if any of those packages have a new release, so we can test
out new versions of dependencies in a controlled fashion.
Someone suggested Dependabot (thanks Ryan), which turns out to
be run by a company bought by github itself.
When signing up for the service, it asks for permissions:
https://pasteboard.co/IuTeWNz.png. The service is in use by
other projects like cpython. Does it seem OK to sign up for
this service?
Matti
_______________________________________________
NumPy-Discussion mailing list
NumPy-Discussion@python.org <mailto:NumPy-Discussion@python.org>
https://mail.python.org/mailman/listinfo/numpy-discussion
--
Ryan May
_______________________________________________
NumPy-Discussion mailing list
NumPy-Discussion@python.org <mailto:NumPy-Discussion@python.org>
https://mail.python.org/mailman/listinfo/numpy-discussion
_______________________________________________
NumPy-Discussion mailing list
NumPy-Discussion@python.org
https://mail.python.org/mailman/listinfo/numpy-discussion
_______________________________________________
NumPy-Discussion mailing list
NumPy-Discussion@python.org
https://mail.python.org/mailman/listinfo/numpy-discussion
