Thanos: Disable dependabot and add process for updating all deps after each release

Created on 17 Oct 2019  Â·  8Comments  Â·  Source: thanos-io/thanos

We are kind of behind dependencies and being spammed by
It would be nice to configure dependabot to do all in one PR. I can't see such an option so I have created a support ticket.

Should it be a release shepherd responsibility?

AC:

  • After every release, we upgrade all our dependencies.

cc @brancz @domgreen @GiedriusS @metalmatze @adrien-f @FUSAKLA opinions?

stale
Source
picture bwplotka

All 8 comments

I do what is it that is keeping us from merging these PRs? It seems like continuously doing this is a better idea then at once. Do we not have the confidence? Is it too much?

Generally speaking this still seems like a good idea in theory, I want to understand what's making it not useful in practice (and/or if we _could_ make it useful :slightly_smiling_face: ).

brancz picture brancz on 17 Oct 2019
👍1

Sure, so problems with current approach:

  • Each merge of such dep PR creates conflict in go.mod (in most cases). Bot is re submitting another dep PRs in this case, but we have to wait for CI etc. At least 20m wait time for each PR. For ~50 deps it takes in worst case it takes 16h (: Not fun.
  • We can have bit of "dependency hell" with indirect deps. This means that one PR can update one dep, but in another we have to downgrade. It might be not very efficient to takle on each dep basis
bwplotka picture bwplotka on 17 Oct 2019

It's probably worth giving the dependabot folks this feedback. I'd say let's make it release shepherd responsibility, that seems like a reasonable thing (of course one off bumps are not discouraged).

brancz picture brancz on 18 Oct 2019
👍1

Ticket sent, no response

bwplotka picture bwplotka on 23 Oct 2019

5 days later, did you get a response in the meantime?

metalmatze picture metalmatze on 28 Oct 2019

Nope: It is also Github support as it was acquired. No response at all ):

On Mon, 28 Oct 2019 at 11:06, Matthias Loibl notifications@github.com
wrote:

5 days later, did you get a response in the meantime?

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/thanos-io/thanos/issues/1659?email_source=notifications&email_token=ABVA3OYPQQ6RLP6U7WV2OF3QQ3BT7A5CNFSM4JBXYBW2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECMP6SY#issuecomment-546897739,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/ABVA3OYEIML3WMWES5V72X3QQ3BT7ANCNFSM4JBXYBWQ
.

bwplotka picture bwplotka on 28 Oct 2019

Actually forget about a support ticket, look at this: https://github.com/dependabot/feedback/issues/5 :eyes:

Will describe our use case and will check if we can help in any way.

bwplotka picture bwplotka on 29 Oct 2019
👍1

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] picture stale[bot] on 11 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sevagh picture sevagh  Â·  3Comments
abursavich picture abursavich  Â·  4Comments
pstibrany picture pstibrany  Â·  4Comments
paulcdejean picture paulcdejean  Â·  4Comments
caarlos0 picture caarlos0  Â·  3Comments