kevinjqliu commented on issue #15742: URL: https://github.com/apache/iceberg/issues/15742#issuecomment-4114310649
@potiuk thanks for the callout on the ASF policy requiring Dependabot. I've already removed/disabled it from a few repos — I'll put it back.

My main concern with Dependabot auto-updates is the silent CI failures I've observed recently (more context in https://github.com/apache/infrastructure-actions/issues/574). When Dependabot updates to a version not on the ASF Infrastructure allowlist, the CI view still shows as passing — this is a footgun that will cause CI to fail silently.

For example, I've reprod'ed with https://github.com/apache/iceberg/pull/15749

* CI is green (shows 4 successful checks)
* Go to the ["checks" tab](https://github.com/apache/iceberg/pull/15749/checks), some of the checks are black
* that specific run is marked with ["startup failure"](https://github.com/apache/iceberg/actions/runs/23464544155)
* But the PR still can be merged...
* After merging, the "Open-API" will continue to fail silently...

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
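One way to catch the gap described in the comment above, as an added example that is not part of the original comment or of any Apache project's tooling: a merge gate that reads the workflow runs for the PR head commit and treats `startup_failure`, or a required workflow with no run at all, as a failure. The JSON is a constructed sample shaped like the GitHub REST "list workflow runs" response; the `build` and `docs` workflow names and the required list are assumptions.

```python
import json

# Constructed sample, shaped like GET /repos/{owner}/{repo}/actions/runs?head_sha=<sha>.
SAMPLE_RUNS = json.loads("""
{"workflow_runs": [
  {"name": "build",    "run_number": 41, "status": "completed", "conclusion": "failure"},
  {"name": "build",    "run_number": 42, "status": "completed", "conclusion": "success"},
  {"name": "Open-API", "run_number": 7,  "status": "completed", "conclusion": "startup_failure"}
]}
""")

# Conclusions accepted as "this workflow really ran and is fine".
OK_CONCLUSIONS = {"success", "skipped", "neutral"}


def silent_failures(payload, required_workflows):
    """Return sorted (workflow, reason) pairs for required workflows that did not pass.

    Per the comment above, a run that never started (startup_failure) does not
    turn the PR red, so it has to be looked for explicitly, as does a required
    workflow that has no run at all for the commit.
    """
    latest = {}
    for run in payload.get("workflow_runs", []):
        seen = latest.get(run["name"])
        if seen is None or run["run_number"] > seen["run_number"]:
            latest[run["name"]] = run  # keep only the newest run per workflow

    findings = []
    for name in required_workflows:
        run = latest.get(name)
        if run is None:
            findings.append((name, "no run for this commit"))
        elif run["status"] != "completed":
            findings.append((name, "still " + run["status"]))
        elif run["conclusion"] not in OK_CONCLUSIONS:
            findings.append((name, run["conclusion"]))
    return sorted(findings)


if __name__ == "__main__":
    # Hypothetical required list; "docs" has no run in the sample on purpose.
    for name, reason in silent_failures(SAMPLE_RUNS, ["build", "Open-API", "docs"]):
        print(f"BLOCK MERGE: {name}: {reason}")
```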
