Generator-jhipster: Enable Dependabot Version Updates

Created on 8 Jun 2020 · 12Comments · Source: jhipster/generator-jhipster

Overview of the issue

I suggest enabling dependabot version upgrades for our main repositories now that dependabot version updates are supported natively starting this month (without installing dependabot-preview).

Reference: https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/

I suggest the following repos. Please let me know if I've missed any or if anything needs inclusion or exclusion. I'll do this task this week if all goes according to plan. :smile:

[x] generator-jhipster

~~- [x] jhipster-online~~

[x] jhipster (BOM) - This we have to upgrade from dependabot-preview to dependabot; I can do this if I someone can give me admin permission or please follow >>here<<; it's just one click. :smile:

~~- [ ] jhipster.github.io~~

~~- [x] jhipster-registry~~

Motivation for or Use Case

Keeping the dependencies upto date. :smile:

Suggest a Fix

Enable dependabot native for all main repos.

Browsers and Operating System

[x] Checking this box is mandatory (this is just to show you read everything)

area dependencies

Source

SudharakaP

👍2

All 12 comments

I've done the pull requests. I don't think configuring jhipster.github.io for dependabot updates is useful since it has only 4 dependencies. I cannot configure the BOM as somebody with admin rights need to do it I believe :smile:

cc: @pascalgrimaud @deepu105

SudharakaP on 8 Jun 2020

Also, I've kept the duration to weekly update checks. Let me know if it needs adjustment to something else.

SudharakaP on 8 Jun 2020

I'll have a look on it. I though it is already configured by default on all projects

pascalgrimaud on 9 Jun 2020

👍1

@SudharakaP : I just merged https://github.com/jhipster/jhipster-registry/pull/443 for giving a try. And looking at https://github.com/jhipster/jhipster-registry/pulls, I can see several possible issues:

if we added this in all our projects, it will stuck our CI a lot
the Registry (or other generated project like JH Online) will not be aligned with the generated version of JHipster
as Registry (and Online) doesn't have e2e tests, the CI doesn't test anything, so we don't know if it works well in fact

What do you think ? Let's discuss

pascalgrimaud on 9 Jun 2020

👍1

@pascalgrimaud : Ah, I think you are right. It seems currently we might not be able to use this on all the projects. How about we only update this on the BOM and generator and remove from the rest (registry and jhipster-online) for now? :thinking:

SudharakaP on 9 Jun 2020

Agree @SudharakaP
So could you remove the bot from JH Registry and JH Online plz?

pascalgrimaud on 19 Jun 2020

👍1

Agree @SudharakaP
So could you remove the bot from JH Registry and JH Online plz?

Donne. :smile: So the remaining part of this issue is to merge, https://github.com/jhipster/generator-jhipster/pull/11915 and upgrade the BOM as I've explained above.

SudharakaP on 19 Jun 2020

@SudharakaP : sorry, I was late on this. Is dependabot correctly configured ? You asked me to configure the CLA. Do you know how to do this ?

pascalgrimaud on 27 Jun 2020

👍1

@SudharakaP : sorry, I was late on this. Is dependabot correctly configured ? You asked me to configure the CLA. Do you know how to do this ?

@pascalgrimaud : Hey, no worries. :smile: I think it can be done in the CLA Assistant dashboard; https://github.com/cla-assistant/cla-assistant#can-i-whitelist-bot-users. Probably we have dependabot-preview configured there and we need to replace that with dependabot instead. :smile:

SudharakaP on 27 Jun 2020

@pascalgrimaud : For jhipster BOM project you will need to log into dependabot dashboard and click on Update Config File as mentioned here; https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/#moving-forward-from-dependabot-com-and-dependabot-preview

SudharakaP on 27 Jun 2020

@deepu105 @jdubois : We had trouble finding where to configure the CLA exclusions for dependabot. Do you guys know by any chance since I think one of you configured it last time? :smile:

SudharakaP on 27 Jun 2020

Closing this as the everything related to this issue has been fulfilled. :smile:

SudharakaP on 22 Jul 2020

Was this page helpful?

0 / 5 - 0 ratings