Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Turn off the dependabot for npm / package.yaml #39

Closed
wants to merge 1 commit into from
Closed

Turn off the dependabot for npm / package.yaml #39

wants to merge 1 commit into from

Conversation

andreasabel
Copy link
Member

It does not properly regenerate the files, and breaks the sync between
lib/ and dist/.
This breaks an invariant that is checked in our CI:

setup/.github/workflows/workflow.yml

Lines 34 to 35 in e9c043c

- name: Ensure generated files are up-to-date
run: git diff --exit-code dist/ lib/

Closes #33.

@andreasabel
Turn off the dependabot for npm / package.yaml
17518da 
It does not properly regenerate the files, and breaks the sync between
`lib/` and `dist/`.
This breaks an invariant that is checked in our CI:
https://github.com/haskell-actions/setup/blob/e9c043c1211ab736db60bbab2b3f3c2771bb7722/.github/workflows/workflow.yml#L34-L35

Closes #33.
@andreasabel
Copy link
Member Author

@brandonchinn178 @mihaimaruseac
Maybe it is best to turn off dependabot. Since it wants to update each dep individually, it has a quadratic load on the CI: Say it wants to merge 6 updates, after one merges the first one, CI runs again for the other 5, etc.

We can update the deps manually, it seems by this command sequence:

ncu -u
npm install
git add package.yaml package.yaml.lock
git commit -m "Update dependencies"
gh pr create --fill
# When CI is successful, merge the PR

(The last two command kick off the respective husky scripts.)

This could be done once in a while.

@brandonchinn178
Copy link
Member

That makes sense to me!

@mihaimaruseac
Copy link
Contributor

Makes sense to me too.

I know there's an option to configure dependabot / renovate to update all deps at once in a single pass. If we can do that's also a good solution to keep up to date.

@andreasabel
Copy link
Member Author

dependabot groups: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups

@andreasabel
Copy link
Member Author

Merged as c06cff5.

@andreasabel andreasabel closed this Oct 1, 2023
@mihaimaruseac mihaimaruseac deleted the dependabot-off branch December 2, 2023 02:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brandonchinn178 brandonchinn178 brandonchinn178 approved these changes

@mihaimaruseac mihaimaruseac mihaimaruseac approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Dependabot breaks CI at "Ensure generated files are up-to-date"
3 participants
@andreasabel @brandonchinn178 @mihaimaruseac