
Management of dependencies edge cases

Open fgibertoni opened this issue 11 months ago • 10 comments

We have some dependencies that do not follow a strict versioning scheme or have some special usage. More about them can be found in @mlodic's https://github.com/intelowlproject/IntelOwl/pull/2736, mostly in code comments of edited files.

Another approach would be to create some GitHub workflows that are triggered by commits or releases on mentioned repositories. These workflows can then open PRs just like dependabot.

Let us know if any ideas come up and we can discuss them in this issue 😄

fgibertoni avatar Feb 14 '25 16:02 fgibertoni

The workflow idea sounds neat! Tho one problem would be how to figure out version bumps for repos that don't make new releases.

ashknl avatar Feb 20 '25 13:02 ashknl

You're right. My idea could be implemented as a polling (once a week like dependabot maybe?) to the external repository to check for new pushes to main branch. What do you think about that?

fgibertoni avatar Feb 21 '25 16:02 fgibertoni

Polling once a week seems good. We might have to also consider the fact that not all pushes will be code changes.

ashknl avatar Feb 23 '25 15:02 ashknl

Would you like to try implementing the approach we discussed? 😄

fgibertoni avatar Feb 24 '25 10:02 fgibertoni

I would love to! I am new to the IntelOwl project tho, so it might take me a while to learn the codebase and the contribution workflow.

ashknl avatar Feb 25 '25 15:02 ashknl

That's not a problem at all! I can assign this issue to you and we have no time limits. We only ask for a ping once every two weeks to be sure that the issue is not being abandoned by the assignee. Also, you can open a draft PR and ask for help if something is missing from the doc or you're having some trouble. Lmk if you're up for this 😉

fgibertoni avatar Feb 26 '25 07:02 fgibertoni

I am up for it then! Fwiw, a GitHub workflow that runs on a commit/code push to main (or a release for the repos that do make one) is the expected PR for this, right?

ashknl avatar Feb 26 '25 15:02 ashknl

Yeah it should be good in my opinion. I think you'll have to go through each repository to see how they release code and adapt the workflow for the requirement. I'll assign this to you! Let us know if you're in doubt 😄

fgibertoni avatar Feb 27 '25 07:02 fgibertoni
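
The approach discussed in the comments above (weekly polling of an upstream branch, skipping pushes that are not code changes), sketched as an added example that is not IntelOwl code and not written by anyone in this thread. The ignore patterns, the commit-list shape, the `example.invalid` URL and the SHAs are assumptions constructed for illustration; a scheduled workflow would supply the commit list from the upstream repository.

```python
import fnmatch
import re

# Assumed policy: changes confined to these paths do not warrant a bump.
NON_CODE = ("*.md", "*.rst", "docs/*", ".github/*", "LICENSE*")

class PinNotInHistory(Exception):
    """Pinned commit missing from the fetched upstream history."""

def is_code_change(files, ignore=NON_CODE):
    """True if any changed path falls outside the ignore patterns."""
    return any(
        not any(fnmatch.fnmatchcase(path, pat) for pat in ignore)
        for path in files
    )

def plan_bump(pinned_sha, commits, ignore=NON_CODE):
    """commits: newest-first list of {"sha": ..., "files": [...]}.
    Returns the newest code-changing SHA after the pin, or None."""
    target = None
    for commit in commits:
        if commit["sha"] == pinned_sha:
            return target
        if target is None and is_code_change(commit["files"], ignore):
            target = commit["sha"]
    # Rewritten history or a too-short window: needs a human, not a PR.
    raise PinNotInHistory(pinned_sha)

def rewrite_pin(requirement, old_sha, new_sha):
    """Replace the commit in a pip VCS requirement ('git+<url>@<sha>')."""
    pattern = "@" + re.escape(old_sha) + r"(?=$|[#\s])"
    updated, count = re.subn(pattern, "@" + new_sha, requirement)
    if count != 1:
        raise ValueError("pinned commit not found exactly once")
    return updated

# Constructed sample data: placeholder SHAs and a placeholder URL.
A, B, C, D = ("a" * 40, "b" * 40, "c" * 40, "d" * 40)
SAMPLE_COMMITS = [
    {"sha": D, "files": ["README.md"]},
    {"sha": C, "files": ["src/parser.py", "docs/usage.md"]},
    {"sha": B, "files": ["docs/index.rst"]},
    {"sha": A, "files": ["src/parser.py"]},
]
SAMPLE_REQ = "git+https://example.invalid/org/tool.git@" + A + "#egg=tool"

if __name__ == "__main__":
    new_sha = plan_bump(A, SAMPLE_COMMITS)
    if new_sha:
        print(rewrite_pin(SAMPLE_REQ, A, new_sha))
```

Pinning to the newest code-changing commit rather than the branch head keeps README-only pushes from producing PRs, and the exception separates "nothing to do" from "the pinned commit is no longer in upstream history".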

This issue has been marked as stale because it has had no activity for 10 days. If you are still working on this, please provide some updates.

github-actions[bot] avatar Mar 11 '25 09:03 github-actions[bot]

This issue has been marked as stale because it has had no activity for 10 days. If you are still working on this, please provide some updates.

github-actions[bot] avatar Apr 10 '25 09:04 github-actions[bot]