automatically add ok-to-test and deps label when dependabot send PR #5468
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: charles-chenzz
The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@sarab97 could you review this one?
# Allow patches and security update. | ||
- dependency-name: k8s.io/* | ||
update-types: ["version-update:semver-major", "version-update:semver-minor"] |
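Review bot: the comment on the first line says "Allow patches and security update", but the entry under it names `version-update:semver-major` and `version-update:semver-minor` for `k8s.io/*`, so the comment and the listed types point in opposite directions. If this entry is an ignore rule, reword the comment to say that major and minor bumps of everything matching `k8s.io/*` are skipped and only patch-level updates get through, and note that the wildcard covers every module under that prefix.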
Why are we ignoring these updates? These are k8s deps and those should be updated.
As I understand, our concern was not to update any dependency past k/k, which needs to be manually verified.
Also, small thing: leave a blank line at the end.
I don't think we need to update every version of k8s deps, but we want the security and patch updates, and we don't update deps past k/k. This part finishes the sec and patch section.
As I understand, this skip condition means to skip all dependency libs under k8s; this won't be checking anything in the k/k repo. And our requirement of not updating deps past k/k means not to jump the version of any package past k/k, either under k8s or otherwise.
This condition won't check k/k dependencies. Instead it will altogether skip all dependency libs under k8s.io, which is not the requirement. This will do a completely separate thing.
The update types are to control what k/k deps we want. It will only check security updates.
enabled: true | ||
labels: |
These labels are applied only to `go` package updates. Shouldn't the same be added to the above GitHub Actions section as well?
labels: | ||
- "ok-to-test" | ||
- "dependencies" |
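Review bot: `- "ok-to-test"` in this list means every PR that picks up these labels is marked ready for testing before anyone has read the dependency diff. Add a comment above the list saying why that is acceptable for automated dependency bumps, and confirm both labels already exist in the repository so they are actually applied.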
The labels are missing the `lgtm` label.
@natasha41575 when we discussed this, your suggestion was, instead of `lgtm`, to auto add the `approved` label. So should we go with `approved` instead? This will make it easier for anyone to approve dependabot PRs. I would rather go for the `approved` label.
The Kubernetes project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community.
/close
@k8s-triage-robot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
This PR configures dependabot to add the ok-to-test label automatically.