Dependabot-core: Limit concurrency of updates for Dependabot

Created on 29 Apr 2019 · 6 Comments · Source: dependabot/dependabot-core

Hello!

When merging a pull request from dependabot, it automatically rebases all other open pull requests (at least if pull requests must be up to date).

This is awesome! But... we use Codeship and we have a plan with limited concurrency where we can only have so many builds active at one time. When Dependabot updates it could very well rebase 20 to 30 pull requests, most of which end up in a queue.

Now, the queuing is also not really bad: they will eventually run. The problem is when we are also working on other things and need to deploy changes to our testing environments and our own changes are queued behind the builds triggered by Dependabot.

I'd like to propose an optional setting for Dependabot where the concurrency can be configured. For example, when set to 3, Dependabot should not rebase (or create new) branches until there are fewer than 3 existing Dependabot pull requests with pending status checks.

It's a minor inconvenience, but if it's a simple feature... who knows :-)

infrastructure feature-request

All 6 comments

👍 for this, as we're also hit by this back pressure issue a lot.

This is also affecting us (in a slightly different way). Our use case is that all of our deploys are asynchronous, which means that, if dependabot PRs are merged close to each other, this creates a race condition for deploy.

Limited concurrency would allow us to effectively throttle how many dependency updates are being merged in to master at the same time.

@greysteil do you reckon this is possible and is there a way we could help with that? It's a real issue for us as multiple simultaneous deploys have already caused a couple of race conditions where an earlier code version was live as well as downtime (we are using GAE and it doesn't like multiple things happening at the same time).

It's definitely possible, but unfortunately the logic for it will need to live in the dependabot-backend repo, which is private.

I'd love to get to this, but we don't have a team at GitHub for proactive work on Dependabot Preview at the moment. We're focussed on integrating into GitHub for the next few months; hopefully after that we'll be able to prioritise work like that.

+1 would be great to throttle the number of concurrent PRs from dependabot as it creates a lot of pressure on our CI environments with all the redundant builds.

+1 for this feature request. This would really be helpful for us as well as sometimes we have a burst of dependabot builds.
