Skip to content
This repository has been archived by the owner on Apr 21, 2022. It is now read-only.

To automate upgrade of third-party dependencies #120

Open
oscard0m opened this issue Apr 18, 2020 · 5 comments
Open

To automate upgrade of third-party dependencies #120

oscard0m opened this issue Apr 18, 2020 · 5 comments

Comments

@oscard0m
Copy link
Contributor

oscard0m commented Apr 18, 2020
edited

Opening a new issue here since I did not find an official ISSUE_TEMPLATE (checking the one on @pika/pack addressed me to pika community https://www.pika.dev/npm/@pika/plugin-standard-pkg/)

I would like to discuss a proposal to automate or improve at least the maintainance of some 3rd party dependencies (like @types/*) on the packages of this project.

Promoter of the issue: #119

Thanks
@FredKSchott
Copy link
Owner

happy to accept a PR that implements this

@oscard0m
Copy link
Contributor Author

oscard0m commented Apr 25, 2020
edited

The approach I would follow is to rely on a third party GitHub App to manage this automatically. The ones I know are:

Since Greenkeeper it's no longer Open Source I would go for Dependabot or Renovate. Between Renovate and Dependabot no preferences.

At my company we are using Renovate because it allows you to self host the app and do fancy stuff but for a simple use case both work.

Also, GitHub acquired Dependabot so probably will fit nicely in the near future.

I can't open a pull request for the moment since this is a matter of installing the Github App but I can give you guidance on that if you like the approach.

Thanks @FredKSchott !

@oscard0m
Copy link
Contributor Author

oscard0m commented Jun 5, 2020

Hi @FredKSchott, Github released full integration with dependabot. With just a couple of clicks the update dependencies automation can be solved. Just FYI :)

@oscard0m oscard0m reopened this Aug 29, 2020
@ayuhito
Copy link

ayuhito commented May 21, 2021
edited

@FredKSchott, @oscard0m - Thoughts on Depfu as the dependency manager instead? Looking at PRs right now... we've got a full page of just dependency updates polluting everything. Approving all of them one by one is time-consuming and I'm sure no one really wants to do that.

Depfu supports grouped updates, which could be scheduled on a weekly/bi-weekly/monthly basis and if you wish, can also auto-merge if all tests pass (although I personally just manually review since it's more of a monthly chore). Grouped updates would make everything far easier to manage.

I just would think that would make things far more manageable in this repo. :)

@oscard0m
Copy link
Contributor Author

oscard0m commented Aug 1, 2021
edited

@FredKSchott, @oscard0m - Thoughts on Depfu as the dependency manager instead? Looking at PRs right now... we've got a full page of just dependency updates polluting everything. Approving all of them one by one is time-consuming and I'm sure no one really wants to do that.

Depfu supports grouped updates, which could be scheduled on a weekly/bi-weekly/monthly basis and if you wish, can also auto-merge if all tests pass (although I personally just manually review since it's more of a monthly chore). Grouped updates would make everything far easier to manage.

I just would think that would make things far more manageable in this repo. :)

I would be happy to give it a try, sure! I'm not sure of @FredKSchott thoughts and availability though

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@FredKSchott @oscard0m @ayuhito