Skip to content

Enable automatic NPM updates using dependabot #22679

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Oct 14, 2024
Merged

Enable automatic NPM updates using dependabot #22679

merged 6 commits into from
Oct 14, 2024

Conversation

sgiehl
Copy link
Member

@sgiehl sgiehl commented Oct 11, 2024

Description:

This PR enables NPM updates using dependabot.

Updates will only include minor or patch version updates.

To ensure that production package updates are commited to git, I've also added a new action to handle that.

The additional node requirement in package.json is required, as otherwise npm update might update sub-dependencies to versions that may break the vue build process.

Review

@sgiehl sgiehl marked this pull request as ready for review October 12, 2024 22:02
@sgiehl sgiehl mentioned this pull request Oct 14, 2024
Merged
11 tasks
michalkleiner
michalkleiner reviewed Oct 14, 2024
View reviewed changes
michalkleiner
michalkleiner reviewed Oct 14, 2024
View reviewed changes
sgiehl
sgiehl commented Oct 14, 2024
View reviewed changes
.github/dependabot.yml
separator: "-"
ignore:
- dependency-name: "*"
update-types: ["version-update:semver-minor"]
Copy link
Member Author

@sgiehl sgiehl Oct 14, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: This will currently prevent any minor updates for npm library to happen. At some point we might want to remove that, but at the moment this would break the build process. Applying only patch version updates doesn't cause problems in the build process.
See https://github.com/sgiehl/matomo/actions/runs/11329289061/job/31504483927?pr=55 for a fail build after minor updates

michalkleiner
michalkleiner reviewed Oct 14, 2024
View reviewed changes
michalkleiner
michalkleiner previously approved these changes Oct 14, 2024
View reviewed changes
@michalkleiner
Copy link
Contributor

Just a minor question about a label for PRs but not holding the approval just because of that.

@sgiehl sgiehl requested a review from michalkleiner October 14, 2024 16:12
@sgiehl sgiehl added the Needs Review PRs that need a code review label Oct 14, 2024
@sgiehl sgiehl added this to the 5.2.0 milestone Oct 14, 2024
@sgiehl
Copy link
Member Author

sgiehl commented Oct 14, 2024

@michalkleiner I've adjusted the labels now. Feel free to review and merge if everything is fine.

@michalkleiner michalkleiner added the Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change. label Oct 14, 2024
@michalkleiner michalkleiner merged commit a403651 into 5.x-dev Oct 14, 2024
6 of 27 checks passed
@michalkleiner michalkleiner deleted the dependabotnpm branch October 14, 2024 16:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michalkleiner michalkleiner michalkleiner approved these changes

Assignees
No one assigned
Labels
Needs Review PRs that need a code review Task Indicates an issue is neither a feature nor a bug and it's purely a "technical" change.
Milestone
5.2.0
Development

Successfully merging this pull request may close these issues.
2 participants
@sgiehl @michalkleiner