ci(deps): group Dependabot updates by devDeps vs prod deps #12890

Merged
merged 1 commit into from May 2, 2024


agilgur5
Member

@agilgur5 agilgur5 commented Apr 4, 2024

Follow-up to #12887 (comment) part 2

Motivation

  • generally, security updates for prod deps should be backported, while devDeps are not strictly necessary
    • so splitting these is helpful for cherry-picking, especially if there might be conflicts (which may be more likely with devDeps and build chain changes)

Modifications

  • add two groups to NPM (the only one where we have a devDeps/prod deps split) to split devDeps and deps

Verification

- per https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups
  - note that `applies-to` is necessary as it defaults to `version-updates` per the docs
    - I thought it would default to _both_, but they seem to be mutually exclusive in `applies-to`? we don't use `version-updates` in any case though

- generally, security updates for prod deps should be backported, while devDeps are not strictly necessary
  - so splitting these is helpful for cherry-picking, especially if there might be conflicts (which may be more likely with devDeps and build chain changes)

Signed-off-by: Anton Gilgur <agilgur5@gmail.com>
@agilgur5 agilgur5 merged commit 6ea4420 into argoproj:main May 2, 2024
15 checks passed
@agilgur5 agilgur5 deleted the ci-deps-dependabot-split-devDeps branch May 2, 2024 02:26
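
An added illustration of the grouping this PR describes, not the project's actual diff: a `dependabot.yml` npm entry with one security-update group per dependency type. The directory, schedule, pull request limit and group names are assumptions chosen for the example.

```yaml
# Illustrative .github/dependabot.yml (added example, not the project's file).
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/ui"             # assumed location of package.json
    schedule:
      interval: "weekly"         # assumed; the schema requires a schedule
    # Assumed: 0 turns off version-update PRs, security updates are still opened.
    open-pull-requests-limit: 0
    groups:
      # Runtime dependencies: the security fixes that are candidates for backporting.
      prod-deps:                 # hypothetical group name
        # Without applies-to, a group only covers version-updates (the default).
        applies-to: security-updates
        dependency-type: "production"
      # Build and test tooling: kept in its own PR so a conflict here does not
      # block cherry-picking the production fix.
      dev-deps:                  # hypothetical group name
        applies-to: security-updates
        dependency-type: "development"
```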
Labels
area/build Build or GithubAction/CI issues