malliaridis opened a new pull request, #2880: URL: https://github.com/apache/solr/pull/2880
https://issues.apache.org/jira/browse/SOLR-17571 # Description With the introduction of Version catalogs we can make use of dependabot and replace our current bot. This allows us to run regular dependency and security updates directly on the project. # Solution The solution introduces a configuration for dependabot that checks for security updates daily and creates PRs with dependency updates if they are security-related (unlimited). Additionally, it creates regular dependency updates bi-weekly and up to 100 PRs, grouping dependencies together based on our version catalog. Custom dependency groups are create for related dependencies (like Apache Calcite dependencies) that use different versions but should update together. For frequently updated dependencies, dependabot will create separate PRs and will check only monthly for updates. Since dependabot does not support additional execution steps for writing locks and updating checksums, the gradle-precommit workflow is updated to run `gradlew writeLocks` and `gradlew updateLicenses`, and commits the changes before running the usual tests. These actions are only executed if dependabot creates the PRs. # Checklist Please review the following and check all that apply: - [X] I have reviewed the guidelines for [How to Contribute](https://github.com/apache/solr/blob/main/CONTRIBUTING.md) and my code conforms to the standards described there to the best of my ability. - [X] I have created a Jira issue and added the issue ID to my pull request title. - [X] I have given Solr maintainers [access](https://help.github.com/en/articles/allowing-changes-to-a-pull-request-branch-created-from-a-fork) to contribute to my PR branch. (optional but recommended, not available for branches on forks living under an organisation) - [X] I have developed this patch against the `main` branch. - [X] I have run `./gradlew check`. - [ ] I have added tests for my changes. - [ ] I have added documentation for the [Reference Guide](https://github.com/apache/solr/tree/main/solr/solr-ref-guide) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
