Hi Misagh, renovatebot looks interesting and worth at least to explore the possibility to add it at project's (rather than committer's level).
+1 to go ahead and ask Infra team about it. Regards. On 11/12/19 15:00, Misagh Moayyed wrote: > Hey Team, > > I suspect most know about this sort of thing, but I thought to share this > with you: > https://github.com/renovatebot/renovate > > I think this is a useful tool to allow a Github project such as Syncope to > automatically receive dependency updates and become self sufficient. It will > attempt to parse the project's dependencies/pom and will then begin to issue > pull requests with relevant updates. Its schedule, update policy and > inclusion/exclusion rules can all be controlled via a .renovate JSON file. > > It can run in two ways: > > 1- As a GitHub app, which would be installed for the Apache org on Github and > enabled for select repositories, such as Syncope. This option requires > coordination/permission from Apache infra, and updates are then automatic. > > 2- As a CLI tool, where a committer's personal access token is passed as a > command-line argument, and the tool can run as part of CI. This option > probably does not require anything from Apache infra [?], and updates can be > cancelled as part of the CI job that runs the tool. > > I am not sure what the CLA policy would be for bots; the second option > probably [?] covers this, as PRs are issued on behalf of the committer whose > AT is used. Either way, it seems like we need clarification from Apache infra. > > This is an example of a pull request by the bot: > https://github.com/Jasig/uPortal/pull/1849 > > This is an example of the bot's JSON configuration file: > https://github.com/Jasig/uPortal/blob/master/renovate.json > > How do you feel about this? Is this a good option to pursue and follow up? > > The bot also has the ability to rebase PRs, and can also take over the > merging process automatically if CI passes or other rules allow. (At some > point in the future, I think it will also gain the ability to travel back in > time and kill Sarah Connor [1], but that has yet to be fully verified.) > > --Misagh > > [1] https://www.wikiwand.com/en/Sarah_Connor_(Terminator) -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
