Hi Brian,
> On 26 Jul 2023, at 19:32, Brian Stansberry <brian.stansberry@redhat.com> wrote:
> But James Perkins has pointed out that such JIRA tracking is kind of overkill for non-production dependencies (e.g. test and build deps) and I agree.
+1
> The other thing I care about a lot is being able to grep the git log for commits related to a JIRA. That would of course be lost for non-production upgrades with no JIRA. Oh well. Also though dependabot wouldn't put our JIRA in its commit messages. But for PRs where we file a JIRA we can require human edit of the dependabot PR title to reference the JIRA. That will result in the JIRA appearing in the log via the merge commit Github generates. That solves the git log use case adequately enough IMO.
As an example, we did experiment with this approach in WildFly Core with some PR opened by Dependabot:
https://github.com/wildfly/wildfly-core/pull/4937
which resulted in the merge commit:
https://github.com/wildfly/wildfly-core/commit/50eafdb9ec87d9d0ad94288e860a3914591ce98e
+1.
People may notice I sometimes edit PR titles a bit before merging, or request title changes during code review. I do this to tweak the merge commit message, usually to add a missing JIRA ref.
Best regards,
jeff
--
Jeff Mesnil
Engineer @ Red Hat JBoss EAP
http://jmesnil.net/