Make managing dependabot updates less time consuming #220

Open
4 tasks
llucax opened this issue Feb 2, 2024 · 0 comments
Labels
part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) type:enhancement New feature or enhancement visitble to users

llucax commented Feb 2, 2024

What's needed?

Even with monthly updates, we still feel like we get too many updates too often. We need a way to spend less time doing updates that bring very little value.

Proposed solution

A few steps that might help in this regard:

  • Do updates less often, quarterly, bi-yearly or even yearly. We have to keep a reasonable balance to make sure we don't end up using unmaintained dependencies for too long, risking security issues.
  • Have upgrades be triggered in a "canary project" first, so we can identify which need manual intervention and invest some time first on figuring out how to fix it, before spamming all other projects.
  • Better differentiate between important and not so important updates.
  • Auto-merge dependabot updates passing tests #287

llucax added the part:tooling and type:enhancement labels on Feb 2, 2024

llucax added this to the Untriaged milestone on Feb 2, 2024

llucax changed the title from "Make dependabot update non-core dependencies less often" to "Make managing dependabot updates less time consuming" on Feb 22, 2024