
Some dependency updates

Open deivid-rodriguez opened this issue 2 years ago • 4 comments

I used these changes to get the repo ready for testing a PR to dependabot-core.

deivid-rodriguez avatar Mar 22 '22 08:03 deivid-rodriguez

@deivid-rodriguez sorry for the delay here, I officially joined the team recently and just got the proper perms over the weekend to be able to merge stuff to this repo.

Can you fix the CI failure and then I'll happily merge? https://github.com/dependabot/dependabot-script/runs/5640911064?check_suite_focus=true

jeffwidman avatar May 23 '22 19:05 jeffwidman

I will!

deivid-rodriguez avatar May 23 '22 20:05 deivid-rodriguez

@jeffwidman Unfortunately, I think it's impossible for me to get this PR green, because this repo's CI tries to run its own scripts against itself (potentially creating some PRs with dependency updates). This requires write access to the repository, and the default GITHUB_TOKEN does not have this kind of privilege on PRs from forks.

I think recreating the PR from a branch in the repository itself might do the trick.

As an alternative for the future, I think we can add a small tweak to the script to allow skipping the PR creation part, something like this:

diff --git a/generic-update-script.rb b/generic-update-script.rb
index 29f2b65..09a6e42 100644
--- a/generic-update-script.rb
+++ b/generic-update-script.rb
@@ -206,6 +206,8 @@ dependencies.select(&:top_level?).each do |dep|
 
   updated_files = updater.updated_dependency_files
 
+  next if ENV["NO_PULL_REQUEST"]
+
   ########################################
   # Create a pull request for the update #
   ########################################
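
Review bot: the added `next if ENV["NO_PULL_REQUEST"]` guard skips on any set value, because every Ruby string is truthy, so `NO_PULL_REQUEST=false`, `NO_PULL_REQUEST=0` or an empty value would also suppress pull request creation. Compare against an explicit value, for example `ENV["NO_PULL_REQUEST"] == "true"`, and print a line when the skip is taken so a CI run that created no pull requests can be told apart from one that found no updates. Placing the guard after `updater.updated_dependency_files` keeps the update computation exercised on fork PRs, which is worth stating in a comment next to the guard, and the variable itself needs documenting.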

And then when a PR is run from a fork, run it with the env variable set.

deivid-rodriguez avatar May 24 '22 07:05 deivid-rodriguez

Gotcha. Thanks for looking into this. Since this isn't urgent and will probably require some deeper investigation/design thought on CI, I'm going to let this one sit for a bit. There's a few things coming down the pipe that may change how we approach this, but those won't happen for a little bit... so letting this float until then is probably the best solution for now.

jeffwidman avatar May 24 '22 21:05 jeffwidman

This hardly makes sense anymore. Closing!

deivid-rodriguez avatar Aug 24 '23 11:08 deivid-rodriguez