Stream: Coq Platform devs & users

Topic: dependabot


view this post on Zulip Bas Spitters (Jul 31 2022 at 12:46):

I thought I've seen coq projects using dependabot to automatically update dependencies (after a CI check of course).
However, I cannot immediately find a description of good practices. Am I looking in the wrong place?

view this post on Zulip Gaëtan Gilbert (Jul 31 2022 at 12:49):

don't use dependabot if you have forks as it will spam pull requests on them

view this post on Zulip Théo Zimmermann (Jul 31 2022 at 15:24):

The only case of a project using dependabot that I know in the Coq ecosystem is https://github.com/coq-community/coq-performance-tests. It it used to bump GitHub Actions, not Coq dependencies.

view this post on Zulip Bas Spitters (Jul 31 2022 at 19:05):

I believe I was confused because hacspec is using it.
@Gaëtan Gilbert that's interesting, I guess there's no way to disable that.

view this post on Zulip Gaëtan Gilbert (Jul 31 2022 at 19:57):

see also https://github.com/dependabot/dependabot-core/issues/2198

view this post on Zulip Jason Gross (Aug 08 2022 at 11:42):

don't use dependabot if you have forks as it will spam pull requests on them

I think that's only for forks created before dependabot was added?

view this post on Zulip Gaëtan Gilbert (Aug 08 2022 at 11:45):

I don't know if that's true, even if it is it doesn't change that it spams some forks

view this post on Zulip Jason Gross (Aug 14 2022 at 16:59):

https://github.com/dependabot/dependabot-core/issues/2804#issuecomment-737781797

view this post on Zulip Ali Caglayan (Aug 24 2022 at 13:19):

It looks unlikely that it will be a priority fix.


Last updated: Jan 30 2023 at 11:03 UTC