Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Option to group all updates into a single PR for a repo #2203

Closed
tomyan opened this issue Jan 7, 2019 · 6 comments
Closed

Option to group all updates into a single PR for a repo #2203

tomyan opened this issue Jan 7, 2019 · 6 comments

Comments

@tomyan
Copy link

tomyan commented Jan 7, 2019

This is similar to dependabot/feedback#5, but would be an option to raise a single PR (or update a PR if there is one open already) whenever there are updates available for a repo. Making this tradeoff for a repo would have the advantage of having fewer PRs to deal with, so less time dealing with dependency updates - particularly if you manage a lot of repos.
@greysteil
Copy link
Contributor

Ack, was about to point you to deppbot but can see they've now shut down. Grouping everything together was exactly their service.

Grouping is still high up on our list but we're a tiny team. We'll get to it :-)

@alecgibson
Copy link

I'd love to see this feature. The way I see it, is that I like the "purity" of of being able to isolate which dependency caused a build failure or suspect deploy, but realistically:

  • we're going to deploy all of the dependency bumps at once, so they'll all be part of a suspect deploy anyway if something goes wrong
  • running a long build (inc. eg end-to-end tests) can be a huge pain just to bump eg a patch version of a type definition library
  • dependencies often have webs of interconnectedness, and merging one dependency forces us to rebase other dependencies and rerun their builds (again, a huge pain if your build is long)

@favna
Copy link

favna commented Oct 4, 2019

This is a feature that is part of the Depfu bot service but unlike Dependabot they do not integrate as well (i.e. with security alerts) nor update Github based dependencies and have a tendency to not update package-lock / yarn.lock which combined were major factors why I switched to Dependabot. I would however love to get a grouped update feature in Dependabot so I don't get a spam of PRs (I sometimes get 20+ PRs on 1 day for all the repo's I have the bot on).

@rebelagentm
Copy link
Contributor

@feelepxyz Any thoughts on this?

@feelepxyz
Copy link
Contributor

@rebelagentm would be ace and high up on the list of features to prioritise once we have some spare capacity as a team. Sadly at least another six months out 😢 It's quite a significant project and depends on https://github.com/dependabot/feedback/issues/5

@infin8x infin8x transferred this issue from dependabot/feedback Jun 29, 2020
@infin8x
Copy link
Contributor

infin8x commented Jul 2, 2020

Duplicate of #1190

@infin8x infin8x marked this as a duplicate of #1190 Jul 2, 2020
@infin8x infin8x closed this as completed Jul 2, 2020
@TWiStErRob TWiStErRob mentioned this issue Nov 11, 2022
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@feelepxyz @tomyan @infin8x @rebelagentm @greysteil @favna @alecgibson