+1

> On Aug 27, 2019, at 9:50 AM, 'Gavin Mogan' via Jenkins Developers 
> <[email protected]> wrote:
> 
> Hey Y'all,
> 
> tl;dr - Make sure project > scm > url is set to github, (example 
> https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/pom.xml#L41)
> 
> ---
> 
> I thought I'd share my limited findings with all of you. A couple weeks ago 
> I contacted dependabot support to try and find out why some javascript 
> modules had changelogs/release notes mentioned. I got a bunch of good 
> responses back, and nudged them to document this info publicly.
> 
> But for now, I share what I learned.
> 
> Dependabot has a lot of open source code, including how it processes module 
> metadata.
> 
> https://github.com/dependabot/dependabot-core/blob/e654f214a932672d8ac0ea428ef9d672ac5bba33/maven/lib/dependabot/maven/metadata_finder.rb#L52
> 
> It loops through a bunch of properties inside the maven pom file, project > 
> url (which should point at wiki/plugins site for us), project > scm > url 
> (which is the right place to set it), and lastly project > issueManagement > url 
> (which probably defaults to jira)
> 
> When that url is set right, dependabot knows where to pull information from. 
> See https://github.com/jenkinsci/ci.jenkins.io-runner/pull/192 as a good 
> example.
> 
> It'll list the commits between tags. Release Notes if you use github releases 
> (release drafter makes that easy) and Changelog if it can find a changelog 
> file in the repo. I can go into more details about this if people want.
> 
> But I strongly recommend at least setting up project > scm > url, and either 
> a changelog file, or preferably release notes for releases.
> 
> That'll make other plugin authors know if it's worth upgrading/what 
> potentially might break when getting a dependabot PR.
> 
> Thanks,
> Gavin
> 
> 
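
The pom.xml lookup described in the quoted message, as an added example that is not part of the original thread and is not Dependabot's own code: a Python check, usable in CI, that walks the three POM fields in the order given and reports the first one that names a GitHub repository. The GitHub URL pattern, the expansion of `${...}` from the POM's own `<properties>`, and the sample POMs (constructed, hypothetical plugin) are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Lookup order as described in the post: project > url, project > scm > url,
# project > issueManagement > url.
CANDIDATES = ("url", "scm/url", "issueManagement/url")
# Assumption: a URL is usable when it names a github.com owner/repo.
GITHUB = re.compile(r"(?<![\w.-])github\.com[/:]([\w.-]+)/([\w.-]+?)(?:\.git)?(?:[/#?].*)?$")


def _resolve(text, props):
    """Expand ${name} from the POM's own <properties>; unknown names stay as-is."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), text.strip())


def changelog_source(pom_xml):
    """Return (pom_path, 'owner/repo') for the first candidate naming a GitHub repo, else None."""
    root = ET.fromstring(pom_xml)
    for el in root.iter():  # drop the Maven namespace so plain paths work
        el.tag = el.tag.split("}", 1)[-1]
    props = {p.tag: (p.text or "").strip() for p in root.findall("properties/*")}
    for path in CANDIDATES:
        node = root.find(path)
        if node is None or not node.text:
            continue
        match = GITHUB.search(_resolve(node.text, props))
        if match:
            return path, f"{match.group(1)}/{match.group(2)}"
    return None


# Constructed sample POMs (hypothetical plugin, not taken from a real repository).
GOOD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <url>https://plugins.jenkins.io/example</url>
  <properties><gitHubRepo>jenkinsci/example-plugin</gitHubRepo></properties>
  <scm><url>https://github.com/${gitHubRepo}</url></scm>
</project>"""
BAD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <url>https://plugins.jenkins.io/example</url>
  <issueManagement><url>https://issues.jenkins.io/</url></issueManagement>
</project>"""

if __name__ == "__main__":
    for name, pom in (("good", GOOD_POM), ("bad", BAD_POM)):
        print(name, changelog_source(pom))
```

A `None` result means none of the three fields points at a GitHub repository, so a reviewer of the resulting update PR would have no linked commits or release notes to check.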
