-
Notifications
You must be signed in to change notification settings - Fork 402
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Automated dependency updates #1283
Comments
Dependabot would only help with the Dockerfile, and perhaps with tools such as Packer and Ansible if we were to put those in a |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
/remove-lifecycle rotten |
An idea that came from this Slack thread is to have a periodic job that fetches the latest URLs and also fetches the checksums and generates a PR with the changes. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
I'd still like this eventually /remove-lifecycle rotten |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle rotten |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
/remove-lifecycle rotten |
We've had several PRs lately to bump versions of various dependencies that we've noticed have become several versions out of date. We tend to do this on an ad-hoc basis when we remember to or someone needs a new feature from a dependency.
Because of this, we often find out quite a bit later about breaking changes in dependencies that we then need to also resolve at the same time as trying to update everything.
To avoid this I think it would be useful to introduce automated dependency updates on the repo so that we get new PRs every time a new version of something is available and we can then test change version bump in isolation from any other changes.
I recommend using Renovate to handle this as its free for public repos and is extremely configurable. There are also alternatives such as Dependabot but I'm less familiar with those so couldn't say for sure if they meet all our requirements.
We have versions configured in several different places so we'd need a solution that could handle the following:
Ideally, we'd also need a solution that supported updating the associated SHA256 values as well as the version but as of now I'm not aware of any tools that can handle that. [Renovate feature request]
The text was updated successfully, but these errors were encountered: