Re: No more dependabot

2020-09-17 Thread Matt Sicker
Branches have green checks on them too. Every commit does unless you push more than one at a time to a single branch (then they’re batched). This applies to both Jenkins and GH Actions. On Thu, Sep 17, 2020 at 19:39 Gary Gregory wrote: > On Thu, Sep 17, 2020 at 12:23 PM Matt Sicker wrote: > >

Re: No more dependabot

2020-09-17 Thread Gary Gregory
On Thu, Sep 17, 2020 at 12:23 PM Matt Sicker wrote: > Do they show up as branches before or after the PR? If it’s before, maybe > we can disable the PR and just use the branches. > We need to keep PRs IMO: Getting a PR is the main benefit here because a human can verify that there is a matching

Re: No more dependabot

2020-09-17 Thread Matt Sicker
Do they show up as branches before or after the PR? If it’s before, maybe we can disable the PR and just use the branches. On Wed, Sep 16, 2020 at 20:53 Gary Gregory wrote: > On Wed, Sep 16, 2020 at 8:53 PM Matt Sicker wrote: > > > > > > Don’t Dependabot PRs show up as branches in each git

Re: No more dependabot

2020-09-16 Thread Gary Gregory
On Wed, Sep 16, 2020 at 8:53 PM Matt Sicker wrote: > > Don’t Dependabot PRs show up as branches in each git repo? Yes, which lets a build happen on that branch as a GitHub Action, assuming you have Actions enabled for your repo. Gary I noticed that > with the Dependabot config for Log4j2 at

Re: No more dependabot

2020-09-16 Thread Matt Sicker
Don’t Dependabot PRs show up as branches in each git repo? I noticed that with the Dependabot config for Log4j2 at least, though perhaps that’s a GitBox feature. On Wed, Sep 16, 2020 at 19:44 Gary Gregory wrote: > On Wed, Sep 16, 2020 at 7:10 PM Rob Tompkins wrote: > > > > > > > > > > > > > On

Re: No more dependabot

2020-09-16 Thread Gary Gregory
On Wed, Sep 16, 2020 at 7:10 PM Rob Tompkins wrote: > > > > > On Sep 16, 2020, at 4:43 PM, Gary Gregory wrote: > > > > On Wed, Sep 16, 2020 at 4:25 PM Gilles Sadowski > > wrote: > >> > >>> On Wed, Sep 16, 2020 at 21:09, Gary Gregory > >>> wrote: > >>> > >>> I think we really want the

Re: No more dependabot

2020-09-16 Thread Rob Tompkins
> On Sep 16, 2020, at 4:43 PM, Gary Gregory wrote: > > On Wed, Sep 16, 2020 at 4:25 PM Gilles Sadowski wrote: >> >>> On Wed, Sep 16, 2020 at 21:09, Gary Gregory >>> wrote: >>> >>> I think we really want the PRs, the main benefit is to have the software >>> built and tested WITH the

Re: No more dependabot

2020-09-16 Thread Gary Gregory
On Wed, Sep 16, 2020 at 4:25 PM Gilles Sadowski wrote: > > On Wed, Sep 16, 2020 at 21:09, Gary Gregory wrote: > > > > I think we really want the PRs, the main benefit is to have the software > > built and tested WITH the dependency update, that is a huge time saver. > > Yes, but the bot

Re: No more dependabot

2020-09-16 Thread Gilles Sadowski
On Wed, Sep 16, 2020 at 21:09, Gary Gregory wrote: > > I think we really want the PRs, the main benefit is to have the software > built and tested WITH the dependency update, that is a huge time saver. Yes, but the bot should submit the PR only when asked by a human, at times where it brings

Re: No more dependabot

2020-09-16 Thread Gary Gregory
I think we really want the PRs, the main benefit is to have the software built and tested WITH the dependency update, that is a huge time saver. Gary On Wed, Sep 16, 2020, 13:17 Ralph Goers wrote: > I am not sure that is possible since Dependabot is actually creating PRs > and GitHub sends

Re: No more dependabot

2020-09-16 Thread Ralph Goers
I am not sure that is possible since Dependabot is actually creating PRs and GitHub sends those to the mailing list. What I heard was that they would like to have Dependabot just send reports from time to time about what dependencies could be changed rather than create PRs. Matt also mentioned

Re: No more dependabot

2020-09-16 Thread Gary Gregory
I think the desire-complaint is how to stop Dependabot from sending emails to our ML. Gary On Wed, Sep 16, 2020, 09:33 Matt Sicker wrote: > Did you know that you can configure Dependabot to ignore specific > dependencies and version ranges? You can also configure default > reviewers (see also

Re: No more dependabot

2020-09-16 Thread Matt Sicker
Did you know that you can configure Dependabot to ignore specific dependencies and version ranges? You can also configure default reviewers (see also the GitHub CODEOWNERS file which can help set up default reviewers [1]). If desired, you can configure it to only make PRs for security updates

Re: No more dependabot

2020-09-16 Thread Gilles Sadowski
On Wed, Sep 16, 2020 at 14:42, Jochen Wiedmann wrote: > > On Wed, Sep 16, 2020 at 2:38 PM Gilles Sadowski wrote: > > > Isn't what > > https://spamassassin.apache.org/ > > is about? > > Not that I am up to date, but at least historically it hasn't. It's > mostly about blocking spam. Related,

Re: No more dependabot

2020-09-16 Thread Jochen Wiedmann
On Wed, Sep 16, 2020 at 2:38 PM Gilles Sadowski wrote: > Isn't what > https://spamassassin.apache.org/ > is about? Not that I am up to date, but at least historically it hasn't. It's mostly about blocking spam. Related, but not necessarily reusable for the suggested purpose. Jochen --- Look,

Re: No more dependabot

2020-09-16 Thread Gilles Sadowski
On Wed, Sep 16, 2020 at 14:29, Jochen Wiedmann wrote: > > On Wed, Sep 16, 2020 at 12:37 PM Gilles Sadowski wrote: > > > As I've already stated in the previous "discussion" (from > > where I was left with the only solution of filtering out), a lot > > of the bot-generated messages is just

Re: No more dependabot

2020-09-16 Thread Jochen Wiedmann
On Wed, Sep 16, 2020 at 12:37 PM Gilles Sadowski wrote: > As I've already stated in the previous "discussion" (from > where I was left with the only solution of filtering out), a lot > of the bot-generated messages is just spam. > IMO, it's not needed for traceability, and nobody/norobot is >

Re: No more dependabot

2020-09-16 Thread Gilles Sadowski
2020-09-16 8:16 UTC+02:00, Jochen Wiedmann : > On Mon, Sep 14, 2020 at 2:48 PM Gary Gregory > wrote: > >> [...] >> I don't really care about >> the emails one way or another. Then why force them down onto people who did care? > > I don't need a compromise. Just wanted to trigger a discussion.

Re: No more dependabot

2020-09-16 Thread Jochen Wiedmann
On Mon, Sep 14, 2020 at 2:48 PM Gary Gregory wrote: > - Jochen: What you do with your inbox is your business ;-) What is > the happy compromise here? Do you want a separate email list? Zero > Dependabot emails anywhere? If you feel strongly about this, please > create a [POLL] thread for what

Re: No more dependabot

2020-09-14 Thread Gary Gregory
On Mon, Sep 14, 2020 at 9:23 AM sebb wrote: > > On Mon, 14 Sep 2020 at 13:48, Gary Gregory wrote: > > > > - Sebb: The sooner you know something is broken, the better. For > > That is what Gump is for. > > > example: The new release of commons-net breaks commons-vfs (see my > > other email

Re: No more dependabot

2020-09-14 Thread sebb
On Mon, 14 Sep 2020 at 13:48, Gary Gregory wrote: > > - Sebb: The sooner you know something is broken, the better. For That is what Gump is for. > example: The new release of commons-net breaks commons-vfs (see my > other email thread). It is purely coincidental that this happened at > the time

Re: No more dependabot

2020-09-14 Thread Gilles Sadowski
On Mon, Sep 14, 2020 at 14:48, Gary Gregory wrote: > > [...] > - Jochen: What you do with your inbox is your business ;-) What is > the happy compromise here? Do you want a separate email list? Zero > Dependabot emails anywhere? If you feel strongly about this, please > create a [POLL] thread

Re: No more dependabot

2020-09-14 Thread Gary Gregory
- Sebb: The sooner you know something is broken, the better. For example: The new release of commons-net breaks commons-vfs (see my other email thread). It is purely coincidental that this happened at the time I wanted to release VFS. Still, now I don't really want to push through a VFS release

Re: No more dependabot

2020-09-14 Thread sebb
I agree. It would be more useful if there was a report that people could consult when preparing to release a new version. If someone is working on a component, then they may wish to update dependencies as part of that, but these mass updates distract from the day-to-day changes. What is the use

No more dependabot

2020-09-14 Thread Jochen Wiedmann
For the record: Mails from dependabot are now being deleted automatically from my inbox. I consider this to be a failed experiment, and would like us to terminate it. Jochen -- Look, that's why there's rules, understand? So that you think before you break 'em. -- (Terry Pratchett,