Thanks for driving this Oleg! I'm in for the plugins I'm maintaining:
- https://github.com/jenkinsci/buildtriggerbadge-plugin/ - https://github.com/jenkinsci/chucknorris-plugin - https://github.com/jenkinsci/versioncolumn-plugin - https://github.com/jenkinsci/parameterized-scheduler-plugin If I can add them myself, feel free to just point me to some link/docs, and I'll handle it myself. Thanks! -- Baptiste Le lun. 25 févr. 2019 à 14:35, Oleg Nenashev <[email protected]> a écrit : > Hi all, > > I have enabled Dependabot and added the requested components. Enjoy the PR > notifications in your Inbox :) > > I have also started a Google Doc > <https://docs.google.com/document/d/1hRrH8PSCswBQgY_Q-7eHCHCVZHJOl4XgQQCswdUmpKY/edit?usp=sharing> > where everybody is welcome to put comments/feedback about the evaluation. > It should help us to discuss the experienced issues and to create best > practices/policies in the future JEPs. > > Hi Ulli and Joseph, > > As discussed above, there is a preference to limit the testing scope to > development tools and to plugins with low usage numbers for now. I have > added "analysis-model" and "vstestrunner" components for now, but I would > prefer to wait a bit before we add other plugins. > > BR, Oleg > > > On Friday, February 22, 2019 at 11:55:23 PM UTC+1, Joseph P wrote: >> >> Please enable it for >> >> * bitbucket-branch-source-plugin >> * mstest-plugin >> * vstestrunner-plugin >> >> On Thursday, February 21, 2019 at 2:43:48 PM UTC+1, Oleg Nenashev wrote: >>> >>> Dear all, >>> >>> I would like to follow-up on the Dependabot request from Jesse Glick in >>> INFRA-1975 <https://issues.jenkins-ci.org/browse/INFRA-1975>. Dependabot >>> <https://dependabot.com/> is a service for automated dependency updates >>> which supports many languages/tools, including Maven, Docker and Gradle >>> which are being heavily used in Jenkins. >>> >>> Dependency management is a problem in Jenkins, because we have hundreds >>> of repositories with many dependencies there. Maintainers spend a lot of >>> time on managing dependencies, and sometimes it leads to ancient >>> dependencies in components. Especially in the development tools which "just >>> work". By automating dependency updates we could give maintainers more time >>> to focus on other tasks. >>> >>> Dependabot is one of the engines we could use for dependency management. >>> It is free for open-source projects, and it is a SaaS application which can >>> be almost completely managed from GitHub. It can just create pull requests >>> or, if we want, implement validated merge with help of ci.jenkins.io. >>> No special infrastructure required, and this is an advantage for us. There >>> are other implementations (including UpdateBot >>> <https://github.com/jenkins-x/updatebot> by Fabric8/Jenkins X which has >>> a Jenkins plugin), but it would require more efforts to deploy the >>> infrastructure. It could be considered in the future if we want to have >>> Jenkins-powered update management in the final implementation. >>> >>> My proposal would be to enable Dependabot for a *limited number* of >>> Jenkins repositories so that we can experiment with it. I propose to focus >>> on development tools and pre-1.0 projects only for now so that we can >>> experiment with flow without a risk of impact on components being used in >>> production in the Jenkins project. And we will be setting up auto-updates >>> only for projects with existing test automation. >>> >>> - Jenkinsfile Runner - Example PRs in my local repo >>> <https://github.com/oleg-nenashev/jenkinsfile-runner/pulls> >>> - ci.jenkins.io-runner - Example PRs >>> <https://github.com/jenkinsci/ci.jenkins.io-runner/pulls> (bot was >>> disabled after moving the repo) >>> - plugin-pom - Example PRs in my local repo >>> <https://github.com/oleg-nenashev/plugin-pom/pulls> >>> - maven-hpi-plugin - Example PRs in my local Repo >>> <https://github.com/oleg-nenashev/maven-hpi-plugin/pulls> >>> >>> More repositories can be added if somebody is interested to participate >>> in the Dependabot evaluation. If there is a positive feedback after the >>> initial evaluation, we could proceed with creating a JEP to define the flow >>> and the usage/administration policies. >>> >>> What do you think? >>> >>> Thanks in advance, >>> Oleg >>> >>> -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/e6357551-d6ac-4b1f-b9b4-1fd55a3a16cc%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-dev/e6357551-d6ac-4b1f-b9b4-1fd55a3a16cc%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANWgJS5CmNifB6buiv%3DYy84x-sekMmznu6Ct941EY8KLXg%2BhRA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
