Add dependabot and templates #228
Conversation
There was a problem hiding this comment.
Some typos (e.g. tempaltes, PULL_REQUESt_TEMPLATE), and I'd like to take advantage of https://github.blog/2023-08-24-a-faster-way-to-manage-version-updates-with-dependabot/ before we open the floodgates.
nwneisen
force-pushed
the
add-dependabot
branch
from
b27b2a0
to
9ea278a
Compare
nwneisen
force-pushed
the
add-dependabot
branch
from
9ea278a
to
d03c02d
Compare
|
That sounds like a good idea to me. Any thoughts on the groups we should use? I'm thinking maybe |
|
We definitely shouldn't be bumping K8s or Docker in anger, they're both complex and painful to vendor, and issues in them should be highly visible to us given their role in the ecosystem. I'm good with a single group for our transient/lesser dependencies. |
nwneisen
force-pushed
the
add-dependabot
branch
from
98af956
to
9db65a7
Compare
| - "*" | ||
| # Skip docker and k8 dependencies. We want to manually keep an eye on these | ||
| exclude-patterns: | ||
| - "*/docker/*" |
There was a problem hiding this comment.
Since the order looks arbitrary here, can we group docker with moby, and put opencontainers after?
Otherwise, LGTM 👍
There was a problem hiding this comment.
I'm going with that you meant groups within the exclude patterns and not actual dependabot groups
|
@neersighted I had one other thought on the docker and k8s dependencies. Would we like a dependabot group for them with you and I as required reviewers as a friendly reminder that there is a change in one of them? We could set it up to only run once a month or less and it would get an initial CI run out of the way so have a better idea of any work needed to update. |
Add dependabot to the repo to help keep dependencies up to date
Add templates to (hopefully) get consistent information in issues and PRs