To me, the very act of having to acknowledge more email notifications is being incurred extra work.
> Le 4 mai 2020 à 18:53, Josh Matthews <j...@joshmatthews.net> a écrit : > > In my experience, Taskcluster returns results within 30 minutes of the PR > opening, so all I need to do is check the in-PR results for a green > checkmark. If it's there, it's easy enough to merge. If it's red, it > sometimes means I need to file an issue like > https://github.com/servo/mozangle/issues/38 or > https://gitlab.freedesktop.org/gstreamer/gstreamer-rs/-/issues/251; in any > case, dependabot PRs that require code changes or de-duplication can be > closed without incurring extra work. > > Cheers, > Josh > > On 2020-05-01 11:08 a.m., Alan Jeffrey wrote: >> The problem I'm having with dependabot is that it opens PRs for upgrades >> that won't pass CI without a lot of work, e.g. upgrading winit ( >> https://github.com/servo/servo/pull/26256), and as a result I treat emails >> I get for dependabot PRs as quite likely to involve wasted effort. >> The situation would be much better if we could somehow get the emails to be >> issued only if the PR passes the initial taskcluster build in CI. For >> example, if dependabot opened a draft PR, and only made it a full PR if the >> initial CI run succeeds? (And if we don't assign a reviewer to draft PRs.) >> Alan. >> On Sat, Apr 25, 2020 at 3:19 AM Bastien Orivel <eijeb...@bananium.fr> wrote: >>> Hi, >>> >>>> I have a few questions that I'm interested in hearing feedback on: >>>> * should we use Dependabot at all? >>> >>> I personally don't think we should use Dependabot. >>> >>> Looking at the current PRs it made, the `time` one I'm 99% sure needs >>> code changes and would introduce a duplicate. The `keyboard-types` one >>> is probably wrong, would introduce a dupe in a crate used for sharing >>> types across crates (would probably not compile). The `image` one would >>> dupe png. The `cc` and `smallvec` ones break the build. The `winit` one >>> doesn't build, would bring in more dupes. >>> >>>> * is our policy to ban duplicate versions by default still useful? >>> >>> Yes. Servo's dependency graph is huge already, let's not make it worse >>> by having 3 versions of the same dependency for every dependency. >>> >>>> * what changes should we make to the policy to accommodate the use of >>>> Dependabot? >>> >>> If it opened issues on semver breaking changes and maybe pinged people >>> that like updating dependencies the it might be better. Some of those >>> might even be good first issues like the time one if we can provide >>> examples of similar bumps. >>> >>> Regards, >>> Bastien >>> _______________________________________________ >>> dev-servo mailing list >>> dev-servo@lists.mozilla.org >>> https://lists.mozilla.org/listinfo/dev-servo >>> > > _______________________________________________ > dev-servo mailing list > dev-servo@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-servo _______________________________________________ dev-servo mailing list dev-servo@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-servo
