Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Have Dependabot offer submodule updates #1702

Merged
merged 1 commit into from
Oct 13, 2023

Conversation

EliahKagan
Copy link
Contributor

@EliahKagan EliahKagan commented Oct 13, 2023

This extends the current Dependabot configuration so that, in addition to offering updates for GitHub Actions, it also offers them for git submodules (for the gitdb direct submodule).

This is to make updating the gitdb submodule more convenient, as well as making the its intended status relative to the head of gitdb clearer:

  • PRs are set to be created monthly, or less often if the head of the gitdb repository has not advanced.
  • They can also be triggered manually, so having them set monthly should never hold anything back.
  • This proposal is not based on the idea that GitPython should always be kept up to date with gitdb. Dependabot PRs can be closed, and this signifies both to Dependabot and to humans that the specific update the Depedabot PR was for is not wanted at this time.

It is really that expressiveness that I regard to be the major benefit here: people can always check to see whether GitPython's submodule being behind the gitdb remote repository is intentional.

However, automatically creating PRs when situations like the one described in #1659 (comment) happen is also a benefit, and that is what gave me the idea to propose this. (For that in particular, I suggest updating the submodule separately from, and prior to, making new releases of either package or synchronizing dependency versions, to facilitate testing of the change, since the automated tests currently use the submodule version. If this PR is merged, then the resulting Dependabot PR for the update can also be merged.)

(There is a further benefits of using Dependabot for this: the Dependabot commands. Rebasing onto main can be done with @dependabot rebase, and merging after waiting for all CI checks pass can be done with @dependabot merge or, if no separate merge commit is desired, @dependabot squash and merge.)

Please note that my intention is not to prolong the GitPython repository's nontrivial use of submodules any longer than it would have been. I believe this change would not entrench that, because it is easy to revert or otherwise undo when no longer needed.

Although the actual gitdb submodule is located in git/ext/gitdb, I think specifying "/" as the directory in dependabot.yml is correct, because except where otherwise documented, Dependabot treats directory as the location of manifest files, which I believe it considers .gitmodules to be, for submodules, rather than the submodule itself.

This extends the current Dependabot configuration so that, in
addition to offering updates for GitHub Actions, it also offers
them for git submodules (for the gitdb direct submodule).
@EliahKagan EliahKagan force-pushed the submodule-dependabot branch from 8b5c917 to 7b1c046 Compare October 13, 2023 06:05
@EliahKagan EliahKagan marked this pull request as ready for review October 13, 2023 06:05
Copy link
Member

@Byron Byron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a great catch! I forgot that CI here was testing with an older version of gitdb, and dependabot with this configuration should help discover when these go out of sync.

I also update gitdb by hand now, for good measure, which might have been a mistake as dependabot probably won't trigger now. (let me undo it - done).

directory probably even defaults to 'root' as this is the default location, but if it doesn't work we can always fix it. Let's try :).

@Byron Byron merged commit 7ea450d into gitpython-developers:main Oct 13, 2023
@EliahKagan EliahKagan deleted the submodule-dependabot branch October 13, 2023 07:42
@EliahKagan
Copy link
Contributor Author

The status should be shown in the Dependabot tab of the Dependency Graph page.

(I can't access that, but I believe it is the correct URL.)

@Byron
Copy link
Member

Byron commented Oct 13, 2023

Oh, right, I wasn't aware!

Indeed it's already active, maybe it will produce a PR soon.

Screenshot 2023-10-13 at 09 49 35

@EliahKagan
Copy link
Contributor Author

EliahKagan commented Oct 13, 2023

Nice! :)

I considered also opening a PR like this in the gitdb repository so that its smmap submodule would be updated automatically. That is updated less often, though, and I'm not sure it would really be worthwhile to do that. If you think it is, I'll open such a PR as well.

Edit: I see that Dependabot has successfully created a PR, #1704. (If you comment with @dependabot merge, or @dependabot squash and merge, it will wait until CI passes and, only if it passes, then merge the PR automatically. You need not do this, of course.)

@Byron
Copy link
Member

Byron commented Oct 13, 2023

While these repos exist, it's probably worth it (even though smmap truly changes rarely.). Thanks for your tremendous help.

@EliahKagan
Copy link
Contributor Author

EliahKagan commented Oct 13, 2023

I will do so shortly. Given this, I suggest not yet merging the existing Dependabot PR here (via commands or otherwise). May as well wait for the submodule update from the gitdb PR being merged there. No need to do anything at all on #1704 actually; when Dependabot opens a new one for that same dependency, it will automatically close #1704, though you may need to trigger Dependabot manually to do another scan to see it.

EliahKagan added a commit to EliahKagan/gitdb that referenced this pull request Oct 13, 2023
This makes Dependabot open version update PRs for submodules
(which here is just smmap), as well as GitHub Actions. This is
like gitpython-developers/GitPython#1702.
@EliahKagan
Copy link
Contributor Author

I've proposed the analogous change to gitdb (for updating the smmap submodule) in gitpython-developers/gitdb#99.

@Byron
Copy link
Member

Byron commented Oct 13, 2023

It looks like it doesn't automatically trigger now, probably due to the weekly cadence. I guess it's fair to merge the one open PR now and wait for the next one (as also I can't trigger a scan by hand).

@EliahKagan
Copy link
Contributor Author

I think it's worth looking into why you can't manually trigger it, before merging #1704.

@Byron
Copy link
Member

Byron commented Oct 13, 2023

Sorry, that was too late. It's fine to me as well - maybe I was just overlooking something - turns out I was not seeing the button that at least now is there. Now it's scanning.

@EliahKagan
Copy link
Contributor Author

It's allowing you to manually trigger the scan now?

@EliahKagan
Copy link
Contributor Author

Oh, I see. When you said it was too late, you meant you had already merged the first one. I think that's no problem at all, though.

@EliahKagan
Copy link
Contributor Author

probably due to the weekly cadence

The cadence for action updates is set to weekly, but I actually set the cadence for submodule updates to monthly, both here and in gitdb. Would you prefer it be weekly?

If so, I could open new PRs for that. Editing dependabot.yml always triggers new scans, so if you prefer weekly cadence but don't want more scans right now, I could wait until next time I'm already proposing some other change to gitdb to do that in both repositories. (I have no other specific change in mind currently but I'm fairly sure I'll end up opening another PR there at some point.)

@Byron
Copy link
Member

Byron commented Oct 13, 2023

Yes, please feel free to change the cadence next time you get to it 🙏 - a PR specifically for that right now isn't necessary though.

EliahKagan added a commit to EliahKagan/gitdb that referenced this pull request Oct 20, 2023
EliahKagan added a commit to EliahKagan/GitPython that referenced this pull request Oct 20, 2023
This sets the Dependabot submodule update cadence from montly to
weekly, as requested in:
gitpython-developers#1702 (comment)

(This change in GitPython corresponds directly to
gitpython-developers/gitdb#104 in gitdb.)
@EliahKagan
Copy link
Contributor Author

EliahKagan commented Oct 20, 2023

I've opened #1721 and gitdb#104 to change the cadence of Dependabot submodule updates from monthly to weekly, in this and the gitdb repository, respectively. With recent and proposed changes to gitdb, this seemed like a reasonable time, but for maximum flexibility I've opened them as their own PRs instead of including them in other PRs.

renovate bot referenced this pull request in allenporter/flux-local Oct 20, 2023
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [GitPython](https://togithub.com/gitpython-developers/GitPython) |
`==3.1.37` -> `==3.1.40` |
[![age](https://developer.mend.io/api/mc/badges/age/pypi/GitPython/3.1.40?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/GitPython/3.1.40?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/GitPython/3.1.37/3.1.40?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/GitPython/3.1.37/3.1.40?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>gitpython-developers/GitPython (GitPython)</summary>

###
[`v3.1.40`](https://togithub.com/gitpython-developers/GitPython/compare/3.1.38...3.1.40)

[Compare
Source](https://togithub.com/gitpython-developers/GitPython/compare/3.1.38...3.1.40)

###
[`v3.1.38`](https://togithub.com/gitpython-developers/GitPython/releases/tag/3.1.38)

[Compare
Source](https://togithub.com/gitpython-developers/GitPython/compare/3.1.37...3.1.38)

#### What's Changed

- Add missing assert keywords by
[@&#8203;EliahKagan](https://togithub.com/EliahKagan) in
[https://github.com/gitpython-developers/GitPython/pull/1678](https://togithub.com/gitpython-developers/GitPython/pull/1678)
- Make clear every test's status in every CI run by
[@&#8203;EliahKagan](https://togithub.com/EliahKagan) in
[https://github.com/gitpython-developers/GitPython/pull/1679](https://togithub.com/gitpython-developers/GitPython/pull/1679)
- Fix new link to license in readme by
[@&#8203;EliahKagan](https://togithub.com/EliahKagan) in
[https://github.com/gitpython-developers/GitPython/pull/1680](https://togithub.com/gitpython-developers/GitPython/pull/1680)
- Drop unneeded flake8 suppressions by
[@&#8203;EliahKagan](https://togithub.com/EliahKagan) in
[https://github.com/gitpython-developers/GitPython/pull/1681](https://togithub.com/gitpython-developers/GitPython/pull/1681)
- Update instructions and test helpers for git-daemon by
[@&#8203;EliahKagan](https://togithub.com/EliahKagan) in
[https://github.com/gitpython-developers/GitPython/pull/1684](https://togithub.com/gitpython-developers/GitPython/pull/1684)
- Fix Git.execute shell use and reporting bugs by
[@&#8203;EliahKagan](https://togithub.com/EliahKagan) in
[https://github.com/gitpython-developers/GitPython/pull/1687](https://togithub.com/gitpython-developers/GitPython/pull/1687)
- No longer allow CI to select a prerelease for 3.12 by
[@&#8203;EliahKagan](https://togithub.com/EliahKagan) in
[https://github.com/gitpython-developers/GitPython/pull/1689](https://togithub.com/gitpython-developers/GitPython/pull/1689)
- Clarify Git.execute and Popen arguments by
[@&#8203;EliahKagan](https://togithub.com/EliahKagan) in
[https://github.com/gitpython-developers/GitPython/pull/1688](https://togithub.com/gitpython-developers/GitPython/pull/1688)
- Ask git where its daemon is and use that by
[@&#8203;EliahKagan](https://togithub.com/EliahKagan) in
[https://github.com/gitpython-developers/GitPython/pull/1697](https://togithub.com/gitpython-developers/GitPython/pull/1697)
- Fix bugs affecting exception wrapping in rmtree callback by
[@&#8203;EliahKagan](https://togithub.com/EliahKagan) in
[https://github.com/gitpython-developers/GitPython/pull/1700](https://togithub.com/gitpython-developers/GitPython/pull/1700)
- Fix dynamically-set **all** variable by
[@&#8203;DeflateAwning](https://togithub.com/DeflateAwning) in
[https://github.com/gitpython-developers/GitPython/pull/1659](https://togithub.com/gitpython-developers/GitPython/pull/1659)
- Fix small
[#&#8203;1662](https://togithub.com/gitpython-developers/GitPython/issues/1662)
regression due to
[#&#8203;1659](https://togithub.com/gitpython-developers/GitPython/issues/1659)
by [@&#8203;EliahKagan](https://togithub.com/EliahKagan) in
[https://github.com/gitpython-developers/GitPython/pull/1701](https://togithub.com/gitpython-developers/GitPython/pull/1701)
- Drop obsolete info on yanking from security policy by
[@&#8203;EliahKagan](https://togithub.com/EliahKagan) in
[https://github.com/gitpython-developers/GitPython/pull/1703](https://togithub.com/gitpython-developers/GitPython/pull/1703)
- Have Dependabot offer submodule updates by
[@&#8203;EliahKagan](https://togithub.com/EliahKagan) in
[https://github.com/gitpython-developers/GitPython/pull/1702](https://togithub.com/gitpython-developers/GitPython/pull/1702)
- Bump git/ext/gitdb from `49c3178` to `8ec2390` by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/gitpython-developers/GitPython/pull/1704](https://togithub.com/gitpython-developers/GitPython/pull/1704)
- Bump git/ext/gitdb from `8ec2390` to `6a22706` by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/gitpython-developers/GitPython/pull/1705](https://togithub.com/gitpython-developers/GitPython/pull/1705)
- Update readme for milestone-less releasing by
[@&#8203;EliahKagan](https://togithub.com/EliahKagan) in
[https://github.com/gitpython-developers/GitPython/pull/1707](https://togithub.com/gitpython-developers/GitPython/pull/1707)
- Run Cygwin CI workflow commands in login shells by
[@&#8203;EliahKagan](https://togithub.com/EliahKagan) in
[https://github.com/gitpython-developers/GitPython/pull/1709](https://togithub.com/gitpython-developers/GitPython/pull/1709)

#### New Contributors

- [@&#8203;DeflateAwning](https://togithub.com/DeflateAwning) made their
first contribution in
[https://github.com/gitpython-developers/GitPython/pull/1659](https://togithub.com/gitpython-developers/GitPython/pull/1659)

**Full Changelog**:
gitpython-developers/GitPython@3.1.37...3.1.38

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/allenporter/flux-local).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xOS4yIiwidXBkYXRlZEluVmVyIjoiMzcuMTkuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

2 participants