We have quite different workflows for updating build/test dependencies and public (actual) dependencies:
# Build/test dependencies don’t require a Jira issue while public (runtime) dependencies do.
# As a result, build/test dependencies could safely be built from the dependabot PR directly while public dependencies require that we send another PR with the Jira number prefixed.
We’ve more or less handled item 1 by adding regexp filters to the Hibernate GitHub bot. But item 2 means we also need to maintain regexps in the Jenkins config, to determine which PRs need to be built or not. That’s impractical.
What if we had two separate dependabot configuration sets:
# One that excludes build dependencies using a pattern (e.g. exclude ‘*-plugin’, etc.), and applies a “runtime dependency” label to generated PRs.
# One that only allows build dependencies using the same pattern, and applies a “build dependency” label to generated PRs.
Then we could use something like https://plugins.jenkins.io/github-label-filter/ in the Jenkins config to ignore PRs labelled with “runtime dependency”, and could adapt the bot to ignore PRs labelled with “build dependency”.
Then we’d be able to configure build/runtime dependency patterns in only one place: dependabot config.
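A sketch of the two configuration sets proposed above, added here as an illustration and not taken from the project's actual dependabot config. The `maven` ecosystem, root directory and weekly schedule are assumptions; only the ‘*-plugin’ pattern and the two label names come from this issue. It also assumes Dependabot accepts two `updates` entries for the same ecosystem and directory, which should be checked against the current Dependabot documentation before relying on it.

```yaml
# Illustrative .github/dependabot.yml (added example, values are assumptions).
version: 2
updates:
  # Set 1: runtime (public) dependencies.
  # Everything matching the build/test pattern is excluded, so PRs from this
  # entry always need a follow-up PR with the Jira number prefixed.
  - package-ecosystem: "maven"        # assumption
    directory: "/"                    # assumption
    schedule:
      interval: "weekly"              # assumption
    ignore:
      - dependency-name: "*-plugin"   # example pattern from this issue
    labels:
      - "runtime dependency"          # Jenkins would skip PRs with this label

  # Set 2: build/test dependencies.
  # Only dependencies matching the same pattern are allowed, so PRs from this
  # entry can be built directly without a Jira issue.
  - package-ecosystem: "maven"        # assumption
    directory: "/"                    # assumption
    schedule:
      interval: "weekly"              # assumption
    allow:
      - dependency-name: "*-plugin"   # same pattern as the ignore rule above
    labels:
      - "build dependency"            # the Hibernate GitHub bot would skip these
```

The `ignore` and `allow` lists must stay exact mirrors of each other: a dependency matched by neither entry gets no update PRs, and one matched by both gets PRs from both entries, with both labels in play.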