Hi Baptiste, the requested repositories have been added. @All I also added the Plugin Compat Tester and Custom WAR Packager repositories
- https://github.com/jenkinsci/custom-war-packager - https://github.com/jenkinsci/plugin-compat-tester Both of them are development tools, so it should be ok. Best regards, Oleg On Wednesday, February 27, 2019 at 2:04:43 PM UTC+1, Baptiste Mathus wrote: > > Thanks for driving this Oleg! > > I'm in for the plugins I'm maintaining: > > - https://github.com/jenkinsci/buildtriggerbadge-plugin/ > - https://github.com/jenkinsci/chucknorris-plugin > - https://github.com/jenkinsci/versioncolumn-plugin > - https://github.com/jenkinsci/parameterized-scheduler-plugin > > If I can add them myself, feel free to just point me to some link/docs, > and I'll handle it myself. > Thanks! > > -- Baptiste > > Le lun. 25 févr. 2019 à 14:35, Oleg Nenashev <o.v.ne...@gmail.com > <javascript:>> a écrit : > >> Hi all, >> >> I have enabled Dependabot and added the requested components. Enjoy the >> PR notifications in your Inbox :) >> >> I have also started a Google Doc >> <https://docs.google.com/document/d/1hRrH8PSCswBQgY_Q-7eHCHCVZHJOl4XgQQCswdUmpKY/edit?usp=sharing> >> >> where everybody is welcome to put comments/feedback about the evaluation. >> It should help us to discuss the experienced issues and to create best >> practices/policies in the future JEPs. >> >> Hi Ulli and Joseph, >> >> As discussed above, there is a preference to limit the testing scope to >> development tools and to plugins with low usage numbers for now. I have >> added "analysis-model" and "vstestrunner" components for now, but I would >> prefer to wait a bit before we add other plugins. >> >> BR, Oleg >> >> >> On Friday, February 22, 2019 at 11:55:23 PM UTC+1, Joseph P wrote: >>> >>> Please enable it for >>> >>> * bitbucket-branch-source-plugin >>> * mstest-plugin >>> * vstestrunner-plugin >>> >>> On Thursday, February 21, 2019 at 2:43:48 PM UTC+1, Oleg Nenashev wrote: >>>> >>>> Dear all, >>>> >>>> I would like to follow-up on the Dependabot request from Jesse Glick in >>>> INFRA-1975 <https://issues.jenkins-ci.org/browse/INFRA-1975>. >>>> Dependabot <https://dependabot.com/> is a service for automated >>>> dependency updates which supports many languages/tools, including Maven, >>>> Docker and Gradle which are being heavily used in Jenkins. >>>> >>>> Dependency management is a problem in Jenkins, because we have hundreds >>>> of repositories with many dependencies there. Maintainers spend a lot of >>>> time on managing dependencies, and sometimes it leads to ancient >>>> dependencies in components. Especially in the development tools which >>>> "just >>>> work". By automating dependency updates we could give maintainers more >>>> time >>>> to focus on other tasks. >>>> >>>> Dependabot is one of the engines we could use for dependency >>>> management. It is free for open-source projects, and it is a SaaS >>>> application which can be almost completely managed from GitHub. It can >>>> just >>>> create pull requests or, if we want, implement validated merge with help >>>> of >>>> ci.jenkins.io. No special infrastructure required, and this is an >>>> advantage for us. There are other implementations (including UpdateBot >>>> <https://github.com/jenkins-x/updatebot> by Fabric8/Jenkins X which >>>> has a Jenkins plugin), but it would require more efforts to deploy the >>>> infrastructure. It could be considered in the future if we want to have >>>> Jenkins-powered update management in the final implementation. >>>> >>>> My proposal would be to enable Dependabot for a *limited number* of >>>> Jenkins repositories so that we can experiment with it. I propose to focus >>>> on development tools and pre-1.0 projects only for now so that we can >>>> experiment with flow without a risk of impact on components being used in >>>> production in the Jenkins project. And we will be setting up auto-updates >>>> only for projects with existing test automation. >>>> >>>> - Jenkinsfile Runner - Example PRs in my local repo >>>> <https://github.com/oleg-nenashev/jenkinsfile-runner/pulls> >>>> - ci.jenkins.io-runner - Example PRs >>>> <https://github.com/jenkinsci/ci.jenkins.io-runner/pulls> (bot was >>>> disabled after moving the repo) >>>> - plugin-pom - Example PRs in my local repo >>>> <https://github.com/oleg-nenashev/plugin-pom/pulls> >>>> - maven-hpi-plugin - Example PRs in my local Repo >>>> <https://github.com/oleg-nenashev/maven-hpi-plugin/pulls> >>>> >>>> More repositories can be added if somebody is interested to participate >>>> in the Dependabot evaluation. If there is a positive feedback after the >>>> initial evaluation, we could proceed with creating a JEP to define the >>>> flow >>>> and the usage/administration policies. >>>> >>>> What do you think? >>>> >>>> Thanks in advance, >>>> Oleg >>>> >>>> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to jenkinsci-de...@googlegroups.com <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-dev/e6357551-d6ac-4b1f-b9b4-1fd55a3a16cc%40googlegroups.com >> >> <https://groups.google.com/d/msgid/jenkinsci-dev/e6357551-d6ac-4b1f-b9b4-1fd55a3a16cc%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/4559b7b9-c61f-4488-adfd-4c9c4ff91763%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
