potiuk commented on issue #15742: URL: https://github.com/apache/iceberg/issues/15742#issuecomment-4114418566
> My main concern with Dependabot auto-updates is the silent CI failures I've observed recently (more context in https://github.com/apache/infrastructure-actions/issues/574). When Dependabot updates to a version not on the ASF Infrastructure allowlist, the CI view still shows as passing — this is a footgun that will cause CI to fail silently.

Dependabot cannot auto-update on its own - you have to click merge, and there is a workflow in https://github.com/apache/infrastructure-actions that also uses dependabot to automatically bump such version (cooldown: 4 days as of yesterday). I've also (yesterday) developed and submitted a PR with tooling for INFRA that should allow to review such updated actions and merge them easily: https://github.com/apache/infrastructure-actions/pull/561 - so hopefully INFRA will review and merge them quickly - you can also always ping them to do so before merging new versions of actions.

Generally it's a good idea to review such updates before merge anyway (you would not merge such new action without reviewing it - would you??), so checking if the action has already been merged in the infra repo and nudging in the PR if it's not, sounds like a good idea. You can also increase cooldown days - to be more certain that the update in infra is merged before yours.

And yes - this is known issue which I reported 3 years ago to GitHub - without fix yet - that workflow failure or not starting jobs at all makes PR "green". And you have very same issue when you make a typo in your workflow. There is a way to prevent that however. You just - in your protected_branch definition must define necessary job that must succeed for the branch to be mergeable. https://github.com/apache/infrastructure-asfyaml?tab=readme-ov-file#branch-protection (contexts) -> in this case lack of the status check will make your PR non-mergeable.

I think there is always some room for improvement - and I think - similarly as I helped INFRA with the script development and testing (I was able to review and merge more than 10 prs in a matter of minutes yesterday) - improvements in the process are most welcome.
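
The branch-protection setting mentioned in the comment above, sketched as an added `.asf.yaml` fragment (not part of the original comment and not taken from the Iceberg repository). The branch name `main` and the context names are hypothetical placeholders; each context must match the name of a job check as GitHub reports it on a pull request.

```yaml
# .asf.yaml (added example; branch and context names are placeholders)

# Weak form: the branch is protected, but no status check is required.
# A workflow that never starts (action rejected by the allowlist, or a
# typo in the workflow file) reports nothing, and the PR still looks green.
#
# github:
#   protected_branches:
#     main: {}

# Stricter form: name the jobs that must report success.
# If a listed check never reports, the PR stays unmergeable
# instead of passing silently.
github:
  protected_branches:
    main:
      required_status_checks:
        # Require the branch to be up to date with its base before merging.
        strict: true
        # Checks that must be present AND successful on the PR head commit.
        contexts:
          - "build-and-test"   # placeholder: a job name from your CI workflow
          - "license-check"    # placeholder: a second required job
```

A context name that matches no job blocks every pull request on that branch, so renaming a job in a workflow file means updating this list in the same change.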
