
add dependabot to image builder repo

Open nawazkh opened this issue 1 year ago • 5 comments

Change description

  • This PR adds dependabot to image-builder repo.

Related issues

Additional context

nawazkh avatar Aug 08 '24 16:08 nawazkh

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

Once this PR has been reviewed and has the lgtm label, please assign mboersma for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment.
Approvers can cancel approval by writing /approve cancel in a comment.

k8s-ci-robot avatar Aug 08 '24 16:08 k8s-ci-robot

Not sure if I am missing any context on why dependabot was not added to this repo, so creating this PR to add it.

nawazkh avatar Aug 08 '24 16:08 nawazkh

/cc @mboersma @jsturtevant @jackfrancis

nawazkh avatar Aug 08 '24 16:08 nawazkh

There's some background context in this issue: https://github.com/kubernetes-sigs/image-builder/issues/1283

Could you please include examples of what updates dependabot will generate for us? What versions will be covered, what won't?

AverageMarcus avatar Aug 08 '24 17:08 AverageMarcus

Thank you for sharing the context @AverageMarcus. It is an interesting challenge to update various hardcoded semver-versions along with dependabot version updates.

I have an idea, not sure how viable, but here it is: (I will mark this PR draft to avoid notification churn)

  • Configure dependabot to update versions in package-manager. In our case, say Dependabot updates a dependency in Dockerfile.
  • Have a script that scans all the dirs for the files below, finds dependency variables, and replaces them with the latest version in the same Dependabot PR (this can be achieved using GitHub Actions).
    • *.json
    • .hcl
    • *.sh

Marking this PR WIP and will push changes soon. Thanks!

nawazkh avatar Aug 08 '24 20:08 nawazkh
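
The scan-and-replace step proposed in the comment above, sketched as an added example (not code from this PR or the image-builder project). The variable name `containerd_version`, the file names and the version values are constructed; only plain `x.y.z` literals are rewritten, and every change is returned so it can be reviewed in the PR.

```python
import re
import tempfile
from pathlib import Path

SUFFIXES = {".json", ".hcl", ".sh"}  # file types named in the comment above

def pin_pattern(var):
    """Match `"var": "1.2.3"` (JSON), `var = "1.2.3"` (HCL), `VAR=1.2.3` (shell)."""
    return re.compile(
        rf'(?P<head>(?<![\w-])"?{re.escape(var)}"?\s*[:=]\s*"?v?)'
        r'(?P<ver>\d+\.\d+\.\d+)(?![\w.+-])',  # plain x.y.z only; skip -rc1, templates
        re.IGNORECASE,
    )

def sync_pins(root, var, new_version):
    """Rewrite pins of `var` under `root`; return (file, old, new) per change."""
    pat, changes = pin_pattern(var), []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix not in SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8")

        def repl(m, name=path.name):
            if m["ver"] != new_version:
                changes.append((name, m["ver"], new_version))
            return m["head"] + new_version

        updated = pat.sub(repl, text)
        if updated != text:
            path.write_text(updated, encoding="utf-8")
    return changes

def demo():
    """Run against a constructed tree; file names and values are made up."""
    files = {
        "config.json": '{"containerd_version": "1.7.20", "crictl_version": "1.30.0"}\n',
        "vars.hcl": 'containerd_version = "1.7.20"\n',
        "install.sh": "CONTAINERD_VERSION=1.7.20\nOLD_CONTAINERD_VERSION=1.6.0\n",
        "notes.txt": 'containerd_version = "1.7.20"\n',  # wrong suffix: ignored
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            Path(root, name).write_text(body, encoding="utf-8")
        changes = sync_pins(root, "containerd_version", "1.7.21")
        after = {n: Path(root, n).read_text(encoding="utf-8") for n in files}
    return changes, after

if __name__ == "__main__":
    for change in demo()[0]:
        print(*change)
```
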

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle stale
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Nov 06 '24 20:11 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Mark this PR as fresh with /remove-lifecycle rotten
  • Close this PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Dec 06 '24 21:12 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

k8s-triage-robot avatar Jan 05 '25 22:01 k8s-triage-robot

@k8s-triage-robot: Closed this PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

k8s-ci-robot avatar Jan 05 '25 22:01 k8s-ci-robot