Hi Brian,
On 26 Jul 2023, at 19:32, Brian Stansberry
<brian.stansberry(a)redhat.com> wrote:
But James Perkins has pointed out that such JIRA tracking is kind of overkill for
non-production dependencies (e.g. test and build deps) and I agree.
+1
The other thing I care about a lot is being able to grep the git log
for commits related to a JIRA. That would of course be lost for non-production upgrades
with no JIRA. Oh well. Also though dependabot wouldn't put our JIRA in its commit
messages. But for PRs where we file a JIRA we can require human edit of the dependabot PR
title to reference the JIRA. That will result in the JIRA appearing in the log via the
merge commit Github generates. That solves the git log use case adequately enough IMO.
As an example, we did experiment with this approach in WildFly Core with some PR opened by
Dependabot:
https://github.com/wildfly/wildfly-core/pull/4937
which resulted in the merge commit:
https://github.com/wildfly/wildfly-core/commit/50eafdb9ec87d9d0ad94288e86...
Best regards,
jeff
--
Jeff Mesnil
Engineer @ Red Hat JBoss EAP
http://jmesnil.net/