ppkarwasz commented on issue #4720: URL: https://github.com/apache/eventmesh/issues/4720#issuecomment-1878903999
We have a [merge-dependabot-reusable.yaml](https://github.com/apache/logging-parent/blob/main/.github/workflows/merge-dependabot-reusable.yaml) Github Actions script that merges Dependabot PR's automatically if they pass the tests. @vy, any ideas how to adapt this to EventMesh? The main problem, as I see it that EventMesh has a binary distribution with third-party dependencies, while Log4j doesn't. Therefore your merge Dependabot script must be more complex to adhere to the Apache ["Assembling LICENSE and NOTICE'](https://infra.apache.org/licensing-howto.html) policy. I can try to enhance your [`check-dependencies.sh`](https://github.com/apache/eventmesh/blob/master/tools/dependency-check/check-dependencies.sh) so that it does not fail if a dependency version changes. Most of the time (i.e. if the new version does not have new dependencies) it should be enough to merge the Dependabot PR automatically. IIRC Apache Airflow also has a complex CI deployment to upgrade several Python packages a day. @potiuk, is there some part of your infrastructure that can be adapted to a Java project? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
