The problem I'm having with dependabot is that it opens PRs for upgrades that won't pass CI without a lot of work, e.g. upgrading winit ( https://github.com/servo/servo/pull/26256), and as a result I treat emails I get for dependabot PRs as quite likely to involve wasted effort.
The situation would be much better if we could somehow get the emails to be issued only if the PR passes the initial taskcluster build in CI. For example, if dependabot opened a draft PR, and only made it a full PR if the initial CI run succeeds? (And if we don't assign a reviewer to draft PRs.) Alan. On Sat, Apr 25, 2020 at 3:19 AM Bastien Orivel <eijeb...@bananium.fr> wrote: > Hi, > > > I have a few questions that I'm interested in hearing feedback on: > > * should we use Dependabot at all? > > I personally don't think we should use Dependabot. > > Looking at the current PRs it made, the `time` one I'm 99% sure needs > code changes and would introduce a duplicate. The `keyboard-types` one > is probably wrong, would introduce a dupe in a crate used for sharing > types across crates (would probably not compile). The `image` one would > dupe png. The `cc` and `smallvec` ones break the build. The `winit` one > doesn't build, would bring in more dupes. > > > * is our policy to ban duplicate versions by default still useful? > > Yes. Servo's dependency graph is huge already, let's not make it worse > by having 3 versions of the same dependency for every dependency. > > > * what changes should we make to the policy to accommodate the use of > > Dependabot? > > If it opened issues on semver breaking changes and maybe pinged people > that like updating dependencies the it might be better. Some of those > might even be good first issues like the time one if we can provide > examples of similar bumps. > > Regards, > Bastien > _______________________________________________ > dev-servo mailing list > dev-servo@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-servo > _______________________________________________ dev-servo mailing list dev-servo@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-servo
