Bas Spitters (Jul 31 2022 at 12:46): Bas Spitters (Jul 31 2022 at 12:46):I thought I've seen coq projects using dependabot to automatically update dependencies (after a CI check of course).
However, I cannot immediately find a description of good practices. Am I looking in the wrong place?
Gaëtan Gilbert (Jul 31 2022 at 12:49):don't use dependabot if you have forks as it will spam pull requests on them
Théo Zimmermann (Jul 31 2022 at 15:24):The only case of a project using dependabot that I know in the Coq ecosystem is https://github.com/coq-community/coq-performance-tests. It it used to bump GitHub Actions, not Coq dependencies.
Bas Spitters (Jul 31 2022 at 19:05):I believe I was confused because hacspec is using it.
@Gaëtan Gilbert that's interesting, I guess there's no way to disable that.
Gaëtan Gilbert (Jul 31 2022 at 19:57):see also https://github.com/dependabot/dependabot-core/issues/2198
Jason Gross (Aug 08 2022 at 11:42):don't use dependabot if you have forks as it will spam pull requests on them
I think that's only for forks created before dependabot was added?
Gaëtan Gilbert (Aug 08 2022 at 11:45):I don't know if that's true, even if it is it doesn't change that it spams some forks
Jason Gross (Aug 14 2022 at 16:59):https://github.com/dependabot/dependabot-core/issues/2804#issuecomment-737781797
Ali Caglayan (Aug 24 2022 at 13:19):It looks unlikely that it will be a priority fix.
Last updated: Jun 03 2023 at 04:30 UTC