haskell-language-server icon indicating copy to clipboard operation
haskell-language-server copied to clipboard

Published 20 hours ago verified publisher icon haskell

auto-approve Dependabot PRs

Open peterbecich opened this issue 5 months ago • 5 comments

Suggestion to auto-approve Dependabot PRs

Copied from: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#approve-a-pull-request

all Dependabot PRs: https://github.com/haskell/haskell-language-server/pulls?q=is%3Apr+author%3Aapp%2Fdependabot+

This will not auto-merge Dependabot PRs; that's documented here: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request

peterbecich avatar Jan 28 '24 05:01 peterbecich

Just a heads up that I recently saw some version bump reverts recently, so it might not be good idea to always "blindly" accept changes to latest version. Example https://github.com/haskell/haskell-language-server/commit/01413e19e9cd515196dd329793f9bd2235c6d1e0

Maybe @wz1000 can comment in on this PR too?

jhrcek avatar Jan 28 '24 05:01 jhrcek

Good point, another example https://github.com/haskell/haskell-language-server/pull/3815#issuecomment-1733697453

peterbecich avatar Jan 28 '24 07:01 peterbecich

yes, we can't make any bumps that require upgrading node as the node 20 binaries it pulls in don't work on distributions with older GLIBC versions, which we need to build release binaries.

wz1000 avatar Jan 28 '24 16:01 wz1000

Yeah, in normal times this would be useful, but at the moment we are a bit blocked. Perhaps we can explicitly tell dependabot not to update those things for now?

@wz1000 do we have any way to ever get past this problem?

michaelpj avatar Jan 28 '24 18:01 michaelpj

I don't know, perhaps we can convince it to get nodejs binaries from a different source where they are compiled with older GLIBC support.

wz1000 avatar Jan 28 '24 18:01 wz1000