Auto approve dependabot PRs

Open felipecrs opened this issue 3 years ago • 3 comments

This repository requires at least one approval before merging; enabling auto-merge isn't enough. I hope this works. :)

felipecrs avatar Jan 18 '23 12:01 felipecrs

Deploy Preview for frigate-docs ready!

Latest commit: 3ba3b5ed08c623a8e8af752ca0083d2fe3a0fb15
Latest deploy log: https://app.netlify.com/sites/frigate-docs/deploys/63c7e5a3482f820008445a00
Deploy Preview: https://deploy-preview-5147--frigate-docs.netlify.app

netlify[bot] avatar Jan 18 '23 12:01 netlify[bot]

I am going to wait on this until after we release 0.12.0. I want to minimize volatility even for dev dependencies for now.

blakeblackshear avatar Jan 20 '23 13:01 blakeblackshear

Sure, ok.

felipecrs avatar Jan 20 '23 13:01 felipecrs

I'm a little concerned about what dependabot will do with the TensorRT and CUDA libraries. These may need to be reworked a little bit at some point. So far GPU compatibility with the 0.12 betas seems to be pretty good, except for a few questions around some of the UnRaid drivers. We'll want to be careful not to drop compatibility with any of the CUDA upgrades?

NateMeyer avatar Feb 01 '23 03:02 NateMeyer

But they are not dev dependencies, are they? This workflow only auto approves minor upgrades of dev deps.

felipecrs avatar Feb 01 '23 04:02 felipecrs

> But they are not dev dependencies, are they? This workflow only auto approves minor upgrades of dev deps.

Ah, didn't realize this was just for dev. Where is it determined which packages are development?

NateMeyer avatar Feb 01 '23 04:02 NateMeyer

I think dependabot takes into account the name of the requirements file, like requirements-dev.txt.

felipecrs avatar Feb 01 '23 12:02 felipecrs

Well, apparently dependabot only supports requirements.txt and no other file. I suppose it will treat it as a production dependency.

The way would be to convert to something like Poetry, with a pyproject.toml that has different sections for production and development dependencies, like npm does.

felipecrs avatar Feb 01 '23 12:02 felipecrs
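
The gating discussed in this thread (approve only minor upgrades of development dependencies), as an added example that is not the workflow from this PR or from the Frigate repository. It assumes the `dependabot/fetch-metadata` action and the `gh` CLI preinstalled on GitHub-hosted runners; the workflow, job and step names are hypothetical.

```yaml
# Added example: hypothetical workflow, not the one proposed in this PR.
name: dependabot-auto-approve
on: pull_request

# Least privilege: the job only needs to submit a review.
permissions:
  contents: read
  pull-requests: write

jobs:
  approve:
    runs-on: ubuntu-latest
    # Act only on PRs authored by Dependabot; everything else is skipped.
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    steps:
      - name: Fetch Dependabot metadata
        id: metadata
        # Consider pinning to a full commit SHA instead of a moving tag.
        uses: dependabot/fetch-metadata@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}

      # Both conditions must hold. A dependency that Dependabot reports as
      # direct:production or indirect is left for a human reviewer.
      - name: Approve minor updates of development dependencies
        if: >-
          steps.metadata.outputs.dependency-type == 'direct:development' &&
          steps.metadata.outputs.update-type == 'version-update:semver-minor'
        # The PR URL is passed through env, not interpolated into the script.
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Whether a package counts as a development dependency comes from the `dependency-type` value Dependabot reports for the ecosystem, so a PR whose dependency is not reported as `direct:development` never reaches the approve step.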

@felipecrs I just switched some of our projects to renovate to accomplish some of this (while also supporting pre-commit and poetry and the like). It's not native, though it is available to public projects. (Not affiliated, just mentioning)

CoMPaTech avatar Apr 17 '23 21:04 CoMPaTech

@CoMPaTech yeah, Renovate is a million times better and allows us to upgrade way more dependencies than just Python or Node.js ones (like go2rtc, nginx in Dockerfile for example).

I would advise everyone to use Renovate, but on the other hand the entry barrier is higher than dependabot, since dependabot is from GitHub.

felipecrs avatar Apr 17 '23 22:04 felipecrs