dependabot-core

Group prod dependencies for Ruby

Open abdulapopoola opened this issue 2 years ago • 4 comments

abdulapopoola, Jan 18 '24 20:01

We don't usually get many regressions when updating updater dependencies, so this may be fine and allow us to stay more up to date.

Unfortunately, since I introduced the root Gemfile & Gemfile.lock, Dependabot PRs for updater/ require manual amendment because both Gemfile and updater/Gemfile use dependencies in dependabot-common. However, those currently get bumped in updater/Gemfile.lock but not in the root Gemfile.lock, and CI complains about that. So one needs to run bundle lock and amend Dependabot PRs with the updates that creates.

This is a limitation of Dependabot that will be fixed once multi-directory version-updates are supported.

deivid-rodriguez, Jan 18 '24 20:01

Just to clarify, I'm in favor of trying this! Just wanted to explain in my other comment that updater PRs currently require a bit of extra work and are not mergeable as is.

Can this be automated with a dedicated workflow?

yeikel, Jan 24 '24 02:01

This is a limitation of Dependabot that will be fixed once multi-directory version-updates are supported.

Is this no longer a blocker now that we've shipped https://github.blog/changelog/2024-06-25-simplified-dependabot-yml-configuration-with-multi-directory-key-directories-and-wildcard-glob-support/ ?

jeffwidman, Jun 27 '24 22:06

Yep, I think it should be better now with multi-directory updates 👍.

deivid-rodriguez, Jun 28 '24 06:06
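
A dependabot.yml along the lines this thread discusses, added here as an example and not taken from the dependabot-core repository. It assumes the two Bundler directories are / and /updater (from the root Gemfile and updater/Gemfile mentioned above); the group names and the schedule are placeholders.

```yaml
# Added example, not the project's own configuration.
version: 2
updates:
  - package-ecosystem: "bundler"
    # Multi-directory key from the changelog linked in the thread.
    # Listing both directories in one entry is meant to keep the root
    # Gemfile.lock and updater/Gemfile.lock from drifting apart.
    # Paths are assumptions based on the files named in the thread.
    directories:
      - "/"
      - "/updater"
    schedule:
      interval: "weekly"   # placeholder
    groups:
      # Group name is a placeholder; dependency-type selects
      # production dependencies, per the issue title.
      prod-dependencies:
        dependency-type: "production"
      # Development dependencies kept in a separate group so a
      # test-tooling bump does not ride along with a runtime bump.
      dev-dependencies:
        dependency-type: "development"
```

CI should still verify that both lockfiles are consistent after a grouped PR, since the thread's original failure mode was a lockfile mismatch caught by CI.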