Conversation
I've enabled yarn berry support on this repo, so if you comment with
It's not quite clear to me why this is happening, but it occurs while dependabot runs I am not able to reproduce the issue locally on my mac, but in the image that runs Dependabot I get it consistently when running any yarn command in the repo in question. Next I tried reproducing it in a clean node image:
So it seems the issue may be related to running yarn on linux for this project? Could it be related to one of the plugins maybe? |
Thanks for the detailed writeup. I followed your docker instructions and confirmed I saw the same error. It is indeed the plugins which are also stored with lfs.
Do I understand correctly that the container that dependabot runs in does not have git lfs installed? There is an in-progress PR to automatically install missing plugins during How are you handling this for other repos? Or are we alone in tracking these plugin files via lfs? Will dependabot remain enabled for this repo? We can explore moving these files to regular git tracking and try asking dependabot to recreate this PR. |
Yeah that's right
I've not seen it before, we see it used for storing large blobs but those are basically never relevant for the dependency updating process. Some background context on this is that prior to yarn berry support, for npm and yarn projects, dependabot would just pull in the The usage of LFS in this case seems a bit out of the ordinary to me, but maybe it's a trend that I've just not seen before? We can enable it, but it would mean having to pull in large files that are most likely not going to be relevant, I think we can only pull all of it in or nothing, so we risk doing unnecessary work that slows down updates 🤔
Up to you, I'm absolutely fine keeping it on for as long as is helpful for y'all 👍 |
It does seem like it's possible to tell lfs to only pull specific files (i.e. things under |
👍 It's definitely helpful for us and we will keep iterating until we get dependabot working. Thank you! |
This seems to work:
|
For some context on why we do this. These plugin files (like the yarn script itself) are typically bundled/built/minified javascript sources. The git diff on these is meaningless for review much like a diff for binary files so there's no value in to us in storing them in a way that makes them diff-able. While LFS was originally developed as a large file store we have historically used it for binary or compiled files - anywhere where the diff is meaningless and we just need to store the file content. We currently have 4 plugins. These are their on-disk sizes:
So while some are relatively small, you can see that others are not and when we pull in a new version of the larger ones we don't care about storing a diff of them in our history (which similarly bloats the git clone of the repo). |
Yeah I can definitely understand the thought behind this, but it doesn't really play nice with our tooling at the moment. You could consider using gitattributes to hide the diffs by default, but it doesn't help with the repo size. |
I've proposed a change to dependabot-core that would run |
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
7 similar comments
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
@dependabot recreate |
48ae9c9
to
5eb6e34
Compare
@jurre This has gotten a lot further! ❤️🔥 🎉 |
@dependabot rebase |
5eb6e34
to
1f0d577
Compare
@dependabot rebase |
1f0d577
to
dd83667
Compare
@dependabot rebase |
Bumps [rc-tree](https://github.com/react-component/tree) from 5.4.3 to 5.7.0. - [Release notes](https://github.com/react-component/tree/releases) - [Changelog](https://github.com/react-component/tree/blob/master/CHANGELOG.md) - [Commits](react-component/tree@v5.4.3...v5.7.0) --- updated-dependencies: - dependency-name: rc-tree dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dd83667
to
5f03462
Compare
Bumps rc-tree from 5.4.3 to 5.7.0.
Release notes
Sourced from rc-tree's releases.
... (truncated)
Commits
5635072
v5.7.0953d96d
Revert "Revert "fix: disabled draggable node should have draggable className ...a486403
v5.6.9654edb7
Revert "fix: disabled draggable node should have draggable className (#632)"b2d382d
v5.6.84c3f962
v5.6.7bdfe4b2
fix: disabled draggable node should have draggable className (#632)63644b4
type: add id prop (#627)41721d8
chore(deps-dev): bump@umijs/fabric
from 2.12.2 to 3.0.0 (#612)2ed2c09
5.6.6Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)