malliaridis commented on code in PR #2880:
URL: https://github.com/apache/solr/pull/2880#discussion_r1864700169
##
.github/workflows/pull-request-checks.yml:
##
@@ -0,0 +1,323 @@
+name: Pull Request Checks
+
+# This workflow makes use of labels to selectively run jobs. However,
malliaridis commented on PR #2880:
URL: https://github.com/apache/solr/pull/2880#issuecomment-2509519554
One of the most significant changes in the latest updates is the workflow
and job execution order. The workflow execution
https://github.com/malliaridis/solr-temp/actions/runs/1209178828
malliaridis commented on PR #2880:
URL: https://github.com/apache/solr/pull/2880#issuecomment-2509507381
@janhoy I was thinking of this solution, but disabling the labeler job would
prevent it from updating the labels if specific files would be changed by a
user in a dependabot PR (for fixi
janhoy commented on PR #2880:
URL: https://github.com/apache/solr/pull/2880#issuecomment-2509404190
> I couldn't find a way to configure the labeler so that it keeps the
> existing labels set by dependabot
I did a search and I believe you can make the entire labeler workflow
conditiona
malliaridis commented on PR #2880:
URL: https://github.com/apache/solr/pull/2880#issuecomment-2506862810
> A bonus that we get a "security" label on those PRs!
I have also noticed that our labeler overrides the labels dependabot is
setting. I couldn't find a way to configure the label
malliaridis commented on PR #2880:
URL: https://github.com/apache/solr/pull/2880#issuecomment-2506858391
Current changes do not work for PRs outside the repository, so more work
needs to be done on that "checkout latest changes" configuration.
--
This is an automated message from the Apac
malliaridis commented on PR #2880:
URL: https://github.com/apache/solr/pull/2880#issuecomment-2506857549
Sorry for the delayed update on this PR. I was testing the configurations on
a separate project, and had to make further changes to make security updates
actually work correctly.
janhoy commented on code in PR #2880:
URL: https://github.com/apache/solr/pull/2880#discussion_r1862722863
##
.github/dependabot.yml:
##
@@ -0,0 +1,83 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the
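Review bot: the header comment at the top of the new .github/dependabot.yml is the generic getting-started text rather than a description of this configuration. For an 83-line file, a short project-specific comment saying which ecosystems are covered and how updates are grouped or limited would help maintainers more than the stock wording.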
janhoy commented on PR #2880:
URL: https://github.com/apache/solr/pull/2880#issuecomment-2491150874
> no PR limit creates over 70 PRs
If possible, I'd rate-limit this on the first few days so we have a chance
to fine-tune the bot.
janhoy commented on PR #2880:
URL: https://github.com/apache/solr/pull/2880#issuecomment-2491149013
> Are there any specific needs for how to treat security updates
> (dependencies with vulnerabilities)?
We have not distinguished these before, and such CVEs are already public
anyway. C
malliaridis commented on PR #2880:
URL: https://github.com/apache/solr/pull/2880#issuecomment-2489847298
The current configuration has multiple issues that I will fix in the
upcoming changes. Are there any specific needs for how to treat security
updates (dependencies with vulnerabilities)?
malliaridis commented on code in PR #2880:
URL: https://github.com/apache/solr/pull/2880#discussion_r1850666596
##
.github/workflows/gradle-precommit.yml:
##
@@ -1,17 +1,80 @@
name: Gradle Precommit
-on:
+on:
pull_request:
branches:
- 'main'
- 'branch_*
janhoy commented on code in PR #2880:
URL: https://github.com/apache/solr/pull/2880#discussion_r1850477067
##
.github/workflows/gradle-precommit.yml:
##
@@ -1,17 +1,80 @@
name: Gradle Precommit
-on:
+on:
pull_request:
branches:
- 'main'
- 'branch_*'
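Review bot: the removed and added `on:` lines at the top of this hunk read identically, so as far as the visible text shows the change there is whitespace-only. If that is an intentional trailing-whitespace cleanup, say so in the PR description; otherwise drop it so the diff to gradle-precommit.yml shows only the functional changes to the `pull_request` trigger and the jobs that follow.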
malliaridis opened a new pull request, #2880:
URL: https://github.com/apache/solr/pull/2880
https://issues.apache.org/jira/browse/SOLR-17571
# Description
With the introduction of Version catalogs we can make use of dependabot and
replace our current bot. This allows us to run