Roll up dependabot GHA updates into one PR #380
Conversation
|
I will automatically update this comment whenever this PR is modified |
MattF-NSIDC
changed the title
There was a problem hiding this comment.
I didn't do this because I find dependency issues much easier to catch and work through in isolated PRs. With a monthly cadence and the lower number of actions compared to pip dependencies, I didn't think this would be a significant burden outside of when we first turn it on.
That said, I'm probably going to be the least-frequent dependabot reviewer/merger^ so I'm going to approve and leave it up to you.
^My team likes daily cadence and individual PRs and that's entirely too much so I've effectively been trained now to ignore dependabot PRs and let them handle it.
|
Found the prior PR on the subject, but unfortunately, it doesn't include discussion: #340 I searched on Slack for our discussion on this subject and turned up nothing. Possibly lost in the 90-day void. 😭
That's the concern that came up in our prior discussions. We (@betolink , @jrbourbeau, I think ?) acknowledged we have well over 100 closed dependabot PRs and were training ourselves to ignore them (https://github.com/nsidc/earthaccess/pulls?q=is%3Apr+is%3Aclosed+author%3Aapp%2Fdependabot+).
I see the value there! With GitHub Actions, the number of dependencies is much smaller, so maybe handling them individually would be easy. Honestly, I don't feel strongly and am OK with closing this PR if someone else feels strongly. I'd like it if that person who feels strongly (if there is one) helps us get through the initial flood of PRs :) |
If anyone approves, please also merge :)