I think that process is reasonable and we can discuss further in the
upcoming Tools & CI meeting.
For now, I will leave the v1 patch on the mailing list and keep those
other commits up for reference.
Thanks,
Michael
On 11/11/2022 1:44 PM, Michael D Kinney wrote:
Hi Michael,
Thanks for the quick investigation.I have reviewed some of the PRs
generated in your fork by dependabot.The detailed information it
collects and adds to the PR is really good.
I do notice that some dependencies (such as cmocka) are picking up the
wrong content.I think this is an issue with the cmocka mirror that needs
to be fixed.We need to review all the dependencies in edk2 repo and make
sure all those dependencies are compatible with dependabot before
activating it.
Given that any developer can submit a PR to run EDK II CI, perhaps we do
not need to treat dependabot any different.Just keep its default labels
and do not add a do-not-merge label or special comments from mergify.
Instead, we can depend on EDK II Maintainers to periodically monitor
dependabot PRs and if there is one edk2 should pick up, the EDK II
Maintainer that owns the package with the dependency can pull the
dependebot PR into their fork and update the commit message with
Signed-off-by and Cc tags for EDK II review and resubmit the PR and send
email patch reviews.If you think this process is reasonable, then we can
update the EDK II Development Process for this case for Maintainers.
I think this means your V1 is closer to what we need.
I recommend you bring this topic along with Maintainer process options
and know edk2 dependabot compatibility issues to the TianoCore Tools/CI
meeting.
Thanks,
Mike
*From:*devel@edk2.groups.io <devel@edk2.groups.io> *On Behalf Of
*Michael Kubacki
*Sent:* Friday, November 11, 2022 7:30 AM
*To:* Kinney, Michael D <michael.d.kin...@intel.com>; devel@edk2.groups.io
*Subject:* Re: [edk2-devel] [PATCH v1 1/1] .github/dependabot.yml:
Enable dependabot
Hi Mike,
It looks like the ability to open draft PRs is not possible at the moment:
Configure dependabot to create draft PRs · Issue #1291 ·
dependabot/dependabot-core · GitHub
<https://github.com/dependabot/dependabot-core/issues/1291>
I could not find an ability for dependabot to leave that comment. Though
I intentionally tried to keep it very similar in the mergify config file
to the merge conflict comment action to reduce complexity.
Thanks for the feedback. Please let me know, if we can proceed with v2
based on these changes.
Regards,
Michael
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#96314): https://edk2.groups.io/g/devel/message/96314
Mute This Topic: https://groups.io/mt/94935824/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
