Hi Baptiste, the requested repositories have been added. @All I also added the Plugin Compat Tester and Custom WAR Packager repositories
- https://github.com/jenkinsci/custom-war-packager - https://github.com/jenkinsci/plugin-compat-tester Both of them are development tools, so it should be ok. Best regards, Oleg On Wednesday, February 27, 2019 at 2:04:43 PM UTC+1, Baptiste Mathus wrote: > > Thanks for driving this Oleg! > > I'm in for the plugins I'm maintaining: > > - https://github.com/jenkinsci/buildtriggerbadge-plugin/ > - https://github.com/jenkinsci/chucknorris-plugin > - https://github.com/jenkinsci/versioncolumn-plugin > - https://github.com/jenkinsci/parameterized-scheduler-plugin > > If I can add them myself, feel free to just point me to some link/docs, > and I'll handle it myself. > Thanks! > > -- Baptiste > > Le lun. 25 févr. 2019 à 14:35, Oleg Nenashev <[email protected] > <javascript:>> a écrit : > >> Hi all, >> >> I have enabled Dependabot and added the requested components. Enjoy the >> PR notifications in your Inbox :) >> >> I have also started a Google Doc >> <https://docs.google.com/document/d/1hRrH8PSCswBQgY_Q-7eHCHCVZHJOl4XgQQCswdUmpKY/edit?usp=sharing> >> >> where everybody is welcome to put comments/feedback about the evaluation. >> It should help us to discuss the experienced issues and to create best >> practices/policies in the future JEPs. >> >> Hi Ulli and Joseph, >> >> As discussed above, there is a preference to limit the testing scope to >> development tools and to plugins with low usage numbers for now. I have >> added "analysis-model" and "vstestrunner" components for now, but I would >> prefer to wait a bit before we add other plugins. >> >> BR, Oleg >> >> >> On Friday, February 22, 2019 at 11:55:23 PM UTC+1, Joseph P wrote: >>> >>> Please enable it for >>> >>> * bitbucket-branch-source-plugin >>> * mstest-plugin >>> * vstestrunner-plugin >>> >>> On Thursday, February 21, 2019 at 2:43:48 PM UTC+1, Oleg Nenashev wrote: >>>> >>>> Dear all, >>>> >>>> I would like to follow-up on the Dependabot request from Jesse Glick in >>>> INFRA-1975 <https://issues.jenkins-ci.org/browse/INFRA-1975>. >>>> Dependabot <https://dependabot.com/> is a service for automated >>>> dependency updates which supports many languages/tools, including Maven, >>>> Docker and Gradle which are being heavily used in Jenkins. >>>> >>>> Dependency management is a problem in Jenkins, because we have hundreds >>>> of repositories with many dependencies there. Maintainers spend a lot of >>>> time on managing dependencies, and sometimes it leads to ancient >>>> dependencies in components. Especially in the development tools which >>>> "just >>>> work". By automating dependency updates we could give maintainers more >>>> time >>>> to focus on other tasks. >>>> >>>> Dependabot is one of the engines we could use for dependency >>>> management. It is free for open-source projects, and it is a SaaS >>>> application which can be almost completely managed from GitHub. It can >>>> just >>>> create pull requests or, if we want, implement validated merge with help >>>> of >>>> ci.jenkins.io. No special infrastructure required, and this is an >>>> advantage for us. There are other implementations (including UpdateBot >>>> <https://github.com/jenkins-x/updatebot> by Fabric8/Jenkins X which >>>> has a Jenkins plugin), but it would require more efforts to deploy the >>>> infrastructure. It could be considered in the future if we want to have >>>> Jenkins-powered update management in the final implementation. >>>> >>>> My proposal would be to enable Dependabot for a *limited number* of >>>> Jenkins repositories so that we can experiment with it. I propose to focus >>>> on development tools and pre-1.0 projects only for now so that we can >>>> experiment with flow without a risk of impact on components being used in >>>> production in the Jenkins project. And we will be setting up auto-updates >>>> only for projects with existing test automation. >>>> >>>> - Jenkinsfile Runner - Example PRs in my local repo >>>> <https://github.com/oleg-nenashev/jenkinsfile-runner/pulls> >>>> - ci.jenkins.io-runner - Example PRs >>>> <https://github.com/jenkinsci/ci.jenkins.io-runner/pulls> (bot was >>>> disabled after moving the repo) >>>> - plugin-pom - Example PRs in my local repo >>>> <https://github.com/oleg-nenashev/plugin-pom/pulls> >>>> - maven-hpi-plugin - Example PRs in my local Repo >>>> <https://github.com/oleg-nenashev/maven-hpi-plugin/pulls> >>>> >>>> More repositories can be added if somebody is interested to participate >>>> in the Dependabot evaluation. If there is a positive feedback after the >>>> initial evaluation, we could proceed with creating a JEP to define the >>>> flow >>>> and the usage/administration policies. >>>> >>>> What do you think? >>>> >>>> Thanks in advance, >>>> Oleg >>>> >>>> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-dev/e6357551-d6ac-4b1f-b9b4-1fd55a3a16cc%40googlegroups.com >> >> <https://groups.google.com/d/msgid/jenkinsci-dev/e6357551-d6ac-4b1f-b9b4-1fd55a3a16cc%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/4559b7b9-c61f-4488-adfd-4c9c4ff91763%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
