Amphtml: Keep versions of AMP build tools and dev dependencies up to date

Created on 22 Nov 2017 · 11 Comments · Source: ampproject/amphtml

In addition, set up an automated means of periodically rolling forward the versions in package.json and yarn.lock

/cc @cramforce

Soon Bug infra

All 11 comments

After the PRs linked above are merged, all dependencies in the AMP toolchain will be at their latest versions.

We can then look into using https://github.com/integration/greenkeeper and https://github.com/greenkeeperio/greenkeeper-lockfile to keep the dependencies rolling forward.

@cramforce @erwinmombay The final task before I can close out this issue is to install greenkeeper and greenkeeper-lockfile for github.com/ampproject/amphtml. Since I lack the access rights to do so, could I bug one of you to help with the install / setup, or ask you to (temporarily) give me access?

Edit: Installation links:
https://github.com/integration/greenkeeper
https://github.com/greenkeeperio/greenkeeper-lockfile

I can't seem to install it to "ampproject/amphtml"; it only allows me to install greenkeeper on my personal projects (I might not have enough access on the parent org).

Thanks. Let's wait for @cramforce to help with this.

The new integration now needs write access to code. We need to check whether that is OK security-wise.

@cramforce @erwinmombay See the section titled "Github Integrations" at https://blog.greenkeeper.io/greenkeeper-2-0-release-da8f8f476c88

It appears that Greenkeeper only needs access to our metadata files (package.json, .travis.yml, and likely yarn.lock). I wonder if we can restrict access to just those files via the GitHub Integrations API (https://github.com/blog/2226-build-an-integration-for-github).

I checked and they are whitelisted. Should now be configured.

@cramforce Thanks.

For Travis CI integration of greenkeeper-lockfile, we'll need to add a token called GH_TOKEN, either to https://travis-ci.org/ampproject/amphtml/settings, or to .travis.yml after encrypting it.

See https://github.com/greenkeeperio/greenkeeper-lockfile#setup

If you can generate and send me the GH_TOKEN internally, I can encrypt it and add it to .travis.yml.

For posterity, here are the installation steps for greenkeeper:

https://greenkeeper.io/docs.html#installation

@cramforce @erwinmombay greenkeeper and greenkeeper-lockfile are now enabled and active for ampproject/amphtml. See https://account.greenkeeper.io/account/ampproject

We're currently using a GH_TOKEN with only public_repo access. Now, it's wait and watch until the next dependency gets updated, at which point we should expect an automatically generated PR that updates package.json and yarn.lock.

We can close this bug once that happens, and we're satisfied that all went well.

Update: We now use Renovate to keep our dependencies up to date.
