Create dependabot.yml to automatically pick up new versions #106
Hi @jtpio, I wish to send out a gentle ping here – and a review of the changes if it helps! :)
You may also refer to https://github.com/data-apis/array-api-compat/blob/8a7999434452019c3110e06f6224fa71a023a549/.github/workflows/dependabot-auto-merge.yml so that the PRs are auto-merged if the required CI jobs pass (though more stringent required checks can be added in the settings, of course). This is in case PR spam is a concern.
Though any breakages would be mostly caught by the fact that we release multiple alpha releases first before a final release, if we don't want to auto-merge the PRs for, say, dependencies such as jupyterlite-core itself, we also have an option of sifting through the output via steps.dependabot-metadata.outputs.dependency-names.
See also: https://github.com/dependabot/fetch-metadata#enabling-auto-merge
In a nutshell, this PR would be pretty reasonable to revisit, as it would bring websites and other places on the internet that are using this deployment up to date faster (xref: #151).
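The auto-merge arrangement described in the comment above, written out as an added example; it is not the workflow from this repository or from the linked array-api-compat file. It assumes auto-merge is enabled in the repository settings and that branch protection lists the required CI checks; the workflow file name and the choice to hold back major updates are assumptions made for illustration.

```yaml
# .github/workflows/dependabot-auto-merge.yml (hypothetical file name)
name: Dependabot auto-merge
on: pull_request

# Grant only what `gh pr merge` needs; nothing else is writable.
permissions:
  contents: write
  pull-requests: write

jobs:
  auto-merge:
    runs-on: ubuntu-latest
    # Act only on PRs authored by Dependabot, never on PRs from other users.
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    steps:
      - name: Fetch Dependabot metadata
        id: dependabot-metadata
        uses: dependabot/fetch-metadata@v2
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

      # Hold back jupyterlite-core (the package named in the comment) and,
      # as an assumption of this example, any major version bump, so that
      # those PRs wait for a human reviewer.
      - name: Enable auto-merge for the remaining updates
        if: >-
          ${{ !contains(steps.dependabot-metadata.outputs.dependency-names, 'jupyterlite-core')
          && steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
        # --auto only queues the merge; GitHub performs it once every
        # required status check on the PR has passed.
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Without required status checks on the base branch, `--auto` merges as soon as the PR is mergeable, so the branch protection rule is what actually gates the update.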
version: 2 | ||
updates: | ||
- package-ecosystem: "pip" | ||
directory: "/" | ||
schedule: | ||
interval: "daily" |
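Review bot: `interval: "daily"` on the only `updates` entry, with no `groups:` key beside it, means Dependabot checks every day and opens a separate PR for each outdated pip package it finds. Consider `interval: "weekly"` or a `groups:` block that batches the pip packages into one PR, so each dependency bump still gets a real review before it is merged.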
version: 2 | |
updates: | |
- package-ecosystem: "pip" | |
directory: "/" | |
schedule: | |
interval: "daily" | |
version: 2 | |
updates: | |
- package-ecosystem: "pip" | |
directory: "/" | |
schedule: | |
interval: "daily" | |
labels: | |
- "maintenance" | |
open-pull-requests-limit: 5 |
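Review bot: `open-pull-requests-limit: 5` on the last suggested line is the value Dependabot already applies to version updates when the key is absent, so adding it does not lower the number of open PRs. If the aim is less PR traffic, set a smaller number here or change `interval: "daily"` to a longer interval.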
This will do as stated – I think reducing the number of open pull requests would help reduce spam. In any case, I would be happy to help review these PRs, if I were given triage rights to this repository or similar, by being added under a reviewers: section.
Now that I think of it, adding this Dependabot configuration would also add it for everyone who uses this template, which I can see many users might not like, due to previously mentioned PR spam. A feature request for adding files to ignore when generating a repository from a template is still open at the moment, and apparently isn't on GitHub's roadmap. I do see there's a nice workaround GitHub Action that will run only once on template generation (wouldn't work on forks) and delete the files. However, I don't know if this is worth the effort adding, documenting, and having to maintain.
Yes that was the primary reason for keeping it as a draft for now.
This will help repos generated from this template keep their dependency on jupyterlite up-to-date when new JupyterLite releases are out.
This should also update other dependencies listed in requirements.txt.
Fixes #44