To me, the very act of having to acknowledge more email notifications is being
incurred extra work.
> Le 4 mai 2020 à 18:53, Josh Matthews a écrit :
>
> In my experience, Taskcluster returns results within 30 minutes of the PR
> opening, so all I need to do is check the in-PR results for a green
> checkmark. If it's there, it's easy enough to merge. If it's red, it
> sometimes means I need to file an issue like
> https://github.com/servo/mozangle/issues/38 or
> https://gitlab.freedesktop.org/gstreamer/gstreamer-rs/-/issues/251; in any
> case, dependabot PRs that require code changes or de-duplication can be
> closed without incurring extra work.
>
> Cheers,
> Josh
>
> On 2020-05-01 11:08 a.m., Alan Jeffrey wrote:
>> The problem I'm having with dependabot is that it opens PRs for upgrades
>> that won't pass CI without a lot of work, e.g. upgrading winit (
>> https://github.com/servo/servo/pull/26256), and as a result I treat emails
>> I get for dependabot PRs as quite likely to involve wasted effort.
>> The situation would be much better if we could somehow get the emails to be
>> issued only if the PR passes the initial taskcluster build in CI. For
>> example, if dependabot opened a draft PR, and only made it a full PR if the
>> initial CI run succeeds? (And if we don't assign a reviewer to draft PRs.)
>> Alan.
>> On Sat, Apr 25, 2020 at 3:19 AM Bastien Orivel wrote:
>>> Hi,
>>>
I have a few questions that I'm interested in hearing feedback on:
* should we use Dependabot at all?
>>>
>>> I personally don't think we should use Dependabot.
>>>
>>> Looking at the current PRs it made, the `time` one I'm 99% sure needs
>>> code changes and would introduce a duplicate. The `keyboard-types` one
>>> is probably wrong, would introduce a dupe in a crate used for sharing
>>> types across crates (would probably not compile). The `image` one would
>>> dupe png. The `cc` and `smallvec` ones break the build. The `winit` one
>>> doesn't build, would bring in more dupes.
>>>
* is our policy to ban duplicate versions by default still useful?
>>>
>>> Yes. Servo's dependency graph is huge already, let's not make it worse
>>> by having 3 versions of the same dependency for every dependency.
>>>
* what changes should we make to the policy to accommodate the use of
Dependabot?
>>>
>>> If it opened issues on semver breaking changes and maybe pinged people
>>> that like updating dependencies the it might be better. Some of those
>>> might even be good first issues like the time one if we can provide
>>> examples of similar bumps.
>>>
>>> Regards,
>>> Bastien
>>> ___
>>> dev-servo mailing list
>>> dev-servo@lists.mozilla.org
>>> https://lists.mozilla.org/listinfo/dev-servo
>>>
>
> ___
> dev-servo mailing list
> dev-servo@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-servo
___
dev-servo mailing list
dev-servo@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-servo
