devabhishekpal opened a new pull request, #5538:
URL: https://github.com/apache/ozone/pull/5538
## What changes were proposed in this pull request?
HDDS-9171. Added a dependabot.yml file to control the PRs that are being
raised by dependabot for auto-upgrade of versions.
Please describe your PR in detail:
* The Ozone upstream repo has dependabot upgrades enabled to maintain versions for JS libraries; however, right now dependabot only updates the `pnpm-lock.yaml` file, which is incorrect behaviour and would cause build failures.
* This PR adds a dependabot.yml file to set the rules on which folders to scan for possible upgrades, define the proper package manager to use, and set up general dependabot behaviour.
* This also adds a few GitHub actions, which would be triggered on a dependabot-raised PR.
* Why are the actions required?
  Even after we properly define the dependabot behaviour, it would properly update the versions of the dependencies. But it would also create a pnpm-lock.yaml file automatically, which might not be accurate. So the GitHub actions delete this bot-generated lockfile, re-create the file using pnpm to ensure proper generation, and re-commit this proper lockfile back into the PR, ensuring the generation is properly done and there are no build issues with such an upgrade.
## What is the link to the Apache JIRA
https://issues.apache.org/jira/browse/HDDS-9171
## How was this patch tested?
This patch was tested manually.
A dummy PR was raised against the branch with the changes in the private forked repo, and then the validations were made.
| Screenshot | Description |
|------------|-------------|
| <img width="1728" alt="HDDS-9171-dependabot-PR" src="https://github.com/apache/ozone/assets/43001336/8dfb82cd-8a48-43d4-b10e-0dbc4b497950"> | PR created by dependabot, which includes the proper version bumps in the `package.json` file. |
| <img width="1728" alt="HDDS-9171-dependabot-check-action" src="https://github.com/apache/ozone/assets/43001336/29d52744-918b-4466-9348-dd63f8f64911"> | `dependabot-check` action ran on a dummy PR raised against the branch with the changes for testing. |
| <img width="1728" alt="HDDS-9171-dependabot-check-generated-lockfile" src="https://github.com/apache/ozone/assets/43001336/e1a08306-8e34-4461-adc1-a9c6837853ec"> | package-lock.yaml file that was created by the check action now included in the PR |
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
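
The lockfile-regeneration step described in the PR body, sketched as an added example; this is not the workflow file from the pull request. The workflow name, the `WEB_DIR` placeholder path, the pnpm version and the action tags are assumptions, since none of them appear in the message.

```yaml
# Added example: hypothetical workflow, not the file contributed in the PR.
name: dependabot-lockfile-refresh        # hypothetical name
on:
  pull_request:
    paths:
      - "**/package.json"
# Default to a read-only token; only the one job below is given write access.
permissions:
  contents: read
jobs:
  regenerate-lockfile:
    # Run only for bot-raised PRs, so ordinary PRs never get a write token here.
    if: github.actor == 'dependabot[bot]'
    runs-on: ubuntu-latest
    permissions:
      contents: write                    # needed to push the regenerated lockfile
    env:
      WEB_DIR: path/to/js/project        # placeholder: real folder is not given on the page
    steps:
      # In real use, pin third-party actions to a full commit SHA instead of a tag.
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}    # check out the PR branch, not the merge commit
      - uses: pnpm/action-setup@v4
        with:
          version: 9                     # assumption: match the project's pnpm version
      - name: Delete the bot-generated lockfile and rebuild it with pnpm
        working-directory: ${{ env.WEB_DIR }}
        run: |
          rm -f pnpm-lock.yaml
          # --lockfile-only resolves versions without installing packages;
          # --ignore-scripts keeps dependency lifecycle scripts from running
          # in a job that holds a write-scoped token.
          pnpm install --lockfile-only --ignore-scripts
      - name: Commit the regenerated lockfile back to the PR
        run: |
          git add "$WEB_DIR/pnpm-lock.yaml"
          # Nothing staged means the bot's lockfile was already correct.
          if git diff --cached --quiet; then
            echo "lockfile unchanged"
            exit 0
          fi
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git commit -m "Regenerate pnpm-lock.yaml with pnpm"
          git push origin "HEAD:${{ github.head_ref }}"
```

A commit pushed with the default `GITHUB_TOKEN` does not start new workflow runs, so the regenerated lockfile is not re-checked by CI unless a separate trigger is arranged.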