Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dependabot PRs not updating pnpm-lock.yaml #790

Open
thehenrytsai opened this issue Jul 23, 2024 · 1 comment
Open

dependabot PRs not updating pnpm-lock.yaml #790

thehenrytsai opened this issue Jul 23, 2024 · 1 comment
Assignees
@shamilovtim

Comments

@thehenrytsai
Copy link
Member

dependabot PRs currently do not include pnpm-lock.yaml, upon the PR merged, the release workflow runs pnpm install --frozen-lockfile which expects the pnpm-lock.yaml to be up-to-date (not allowed to change), but since it is not, the workflow fails.

Some possible solutions:

  1. Update dependabot to include pnpm-lock.yaml
  2. Update release workflow to allow pnpm-lock.yaml to be modified.
  3. Remove dependabot (not ideal because we introduced it for another reason: we depended on obsolete dependencies and were pinged by tbdex team)
@thehenrytsai thehenrytsai mentioned this issue Jul 23, 2024
Merged
@shamilovtim
Copy link
Member

I vote to turn off Dependabot. It has been a burden, caused version discrepancies between dwn-sdk-js and web5-js, wasted CI cycles, and is generally annoying. I'm happy to handle dependency upgrades manually. I wasn't aware we had a mandate for doing so and it's not difficult to handle manually.

@shamilovtim shamilovtim self-assigned this Aug 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shamilovtim shamilovtim

Labels
None yet
Projects
Web5 Roadmap
Status: Needs Discussion
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shamilovtim @thehenrytsai