Re: Dancing with dependabot

2022-12-02 Thread Volkan Yazıcı
GH doesn't do anything by default. We only merge `dependabot` PRs in a "step" that is only executed if the "build" step passes.

On Fri, Dec 2, 2022 at 8:33 PM Gary Gregory wrote:
> Very cool, I wonder how GH knows not to merge if any build in the PR
> failed.
>
> Gary
>
> On Fri, Dec 2, 2022, 13

Re: Dancing with dependabot

2022-12-02 Thread Gary Gregory
Very cool, I wonder how GH knows not to merge if any build in the PR failed.

Gary

On Fri, Dec 2, 2022, 13:43 Volkan Yazıcı wrote:
> Via GitHub Actions:
>
> https://github.com/apache/logging-log4j-tools/blob/master/.github/workflows/build.yml#L71
>
> On Fri, Dec 2, 2022 at 2:17 PM Gary Gregory

Re: Dancing with dependabot

2022-12-02 Thread Volkan Yazıcı
`dependabot.yml` can be configured to ignore/accept certain types of updates:

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

GitHub Actions workflow (`build.yml`) can be adapted to add/update a file along with the vers

Re: Dancing with dependabot

2022-12-02 Thread Volkan Yazıcı
Via GitHub Actions:

https://github.com/apache/logging-log4j-tools/blob/master/.github/workflows/build.yml#L71

On Fri, Dec 2, 2022 at 2:17 PM Gary Gregory wrote:
> That's cool! How is that set up?
>
> Gary
>
> On Fri, Dec 2, 2022 at 8:11 AM Volkan Yazıcı wrote:
> >
> > In the context of LOG4J2-3

Re: Dancing with dependabot

2022-12-02 Thread Ralph Goers
One other thing. We have gotten in the habit of creating an “umbrella” Jira issue to capture dependency changes within a release. We need to ensure whatever is committed by Dependabot is also captured.

Ralph

> On Dec 2, 2022, at 10:05 AM, Matt Sicker wrote:
>
> This definitely looks like an i

Re: Dancing with dependabot

2022-12-02 Thread Matt Sicker
This definitely looks like an interesting idea! Minor updates should patch fairly painlessly, and we can form a list of dependencies over time that shouldn’t auto-update.

> On Dec 2, 2022, at 7:10 AM, Volkan Yazıcı wrote:
>
> In the context of LOG4J2-3628 (replacing `maven-changes-plugin`), I

Re: Dancing with dependabot

2022-12-02 Thread Ralph Goers
I would be OK with this so long as it only applies to minor version bumps. Upgrading major versions should still require human eyeballs.

Ralph

> On Dec 2, 2022, at 6:17 AM, Gary Gregory wrote:
>
> That's cool! How is that set up?
>
> Gary
>
> On Fri, Dec 2, 2022 at 8:11 AM Volkan Yazıcı wro

Re: Dancing with dependabot

2022-12-02 Thread Gary Gregory
That's cool! How is that set up?

Gary

On Fri, Dec 2, 2022 at 8:11 AM Volkan Yazıcı wrote:
>
> In the context of LOG4J2-3628 (replacing `maven-changes-plugin`), I am
> overhauling the `log4j-tools` project. I have done something, if I may say,
> A-W-E-S-O-M-E, which I would like to repeat for Log

Dancing with dependabot

2022-12-02 Thread Volkan Yazıcı
In the context of LOG4J2-3628 (replacing `maven-changes-plugin`), I am overhauling the `log4j-tools` project. I have done something, if I may say, A-W-E-S-O-M-E, which I would like to repeat for Log4j too at some point:

https://github.com/apache/logging-log4j-tools/pull/5

What is exactly happening