Hi Michael,

Thanks for the quick investigation.  I have reviewed some of the PRs generated 
in your fork by dependabot.  The detailed information it collects and adds to 
the PR is really good.

I do notice that some dependencies (such as cmocka) are picking up the wrong 
content.  I think this is an issue with the cmocka mirror that needs to be 
fixed.  We need to review all the dependencies in edk2 repo and make sure all 
those dependencies are compatible with dependabot before activating it.

Given that any developer can submit a PR to run EDK II CI, perhaps we do not 
need to treat dependabot any differently.  Just keep its default labels and do 
not add a do-not-merge label or special comments from mergify.

Instead, we can depend on EDK II Maintainers to periodically monitor dependabot 
PRs and if there is one edk2 should pick up, the EDK II Maintainer that owns 
the package with the dependency can pull the dependabot PR into their fork and 
update the commit message with Signed-off-by and Cc tags for EDK II review and 
resubmit the PR and send email patch reviews.  If you think this process is 
reasonable, then we can update the EDK II Development Process for this case for 
Maintainers.

I think this means your V1 is closer to what we need.

I recommend you bring this topic along with Maintainer process options and known 
edk2 dependabot compatibility issues to the TianoCore Tools/CI meeting.

Thanks,

Mike

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael Kubacki
Sent: Friday, November 11, 2022 7:30 AM
To: Kinney, Michael D <michael.d.kin...@intel.com>; devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH v1 1/1] .github/dependabot.yml: Enable dependabot

Hi Mike,

It looks like the ability to open draft PRs is not possible at the moment:
Configure dependabot to create draft PRs · Issue #1291 · dependabot/dependabot-core · GitHub <https://github.com/dependabot/dependabot-core/issues/1291>

I could not find an ability for dependabot to leave that comment. Though I 
intentionally tried to keep it very similar in the mergify config file to the 
merge conflict comment action to reduce complexity.

Thanks for the feedback. Please let me know if we can proceed with v2 based on 
these changes.

Regards,
Michael


