Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pin crate versions #77

Merged
merged 1 commit into from
Jul 21, 2023
Merged

Pin crate versions #77

merged 1 commit into from
Jul 21, 2023

Conversation

senekor
Copy link
Contributor

@senekor senekor commented Jul 20, 2023

closes #37

This is picking up where #40 left off, essentially replacing the script & github action to update the dependencies with a dependabot config.

I've never made a dependabot config, so this is just what I think should work based on reading these docs.

@senekor senekor requested a review from a team as a code owner July 20, 2023 20:57
senekor
senekor commented Jul 20, 2023
View reviewed changes
local-registry/Cargo.toml
watch = "0.2.3"
workerpool = "1.2.0"
xvii = "0.4.1"
z3 = "0.11.1"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The actual latest version here is 0.11.2, I downgraded it as a sanity check. If this PR is merged, dependabot should open a PR bumping this version.

.github/dependabot.yml
- all:
patterns:
- "*"
versioning-strategy: 'increase'
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/local-registry is likely going to be detected as a library by dependabot, in which case it doesn't update as aggressively as for applications. This forces the most eager update strategy.

.github/dependabot.yml
Comment on lines +8 to +13
schedule:
interval: 'weekly'
groups:
- all:
patterns:
- "*"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should reduce the noise, maximum 1 PR per week. I see no reason to update separate crate versions in individual PRs.

@senekor
Copy link
Contributor Author

senekor commented Jul 20, 2023

@dhovart thanks for doing most of the work here a while back, feel free to chime in 🙂

@dhovart
Copy link
Contributor

dhovart commented Jul 21, 2023

@dhovart thanks for doing most of the work here a while back, feel free to chime in 🙂

Thanks for taking care of this! And continuing where I left.
I'm not familiar with configuring dependabot but with your explanations looks good to me :)

This was referenced Jul 21, 2023
Closed
Closed
@senekor senekor merged commit b00b212 into main Jul 21, 2023
@senekor senekor deleted the pin-crate-versions branch July 21, 2023 12:11
@senekor senekor mentioned this pull request Jul 23, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ErikSchierboom ErikSchierboom ErikSchierboom approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

List of supported crates should also include supported version(s)
3 participants
@senekor @dhovart @ErikSchierboom