-
Notifications
You must be signed in to change notification settings - Fork 9.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: group tools/mod updates and update only direct dependencies #18992
base: main
Are you sure you want to change the base?
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: mmorel-35 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Hi @mmorel-35. Thanks for your PR. I'm waiting for a etcd-io member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
f26d216
to
cbb9450
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted filessee 22 files with indirect coverage changes @@ Coverage Diff @@
## main #18992 +/- ##
==========================================
- Coverage 68.82% 68.75% -0.08%
==========================================
Files 420 420
Lines 35621 35621
==========================================
- Hits 24517 24492 -25
- Misses 9683 9699 +16
- Partials 1421 1430 +9 Continue to review full report in Codecov by Sentry.
|
/ok-to-test |
/test pull-etcd-integration-1-cpu-amd64 |
- dependency-type: direct | ||
groups: | ||
tools-mod: | ||
patterns: | ||
- "*" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems reasonable to me, most of our purely indirect dependencies come from tools so we end up closing them. Thanks for proposing it @mmorel-35, it should reduce weekly spam pr's. What do you think @ivanvc?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this PR has some overlap with the work from issue #18925.
That aside, I tested it in my fork, and it seems like dependabot is tidying the module correctly (ivanvc#450), as there is only a single directory specified (it looks like the tidying bug is only present when there is more than one directory specified).
The only potential risk I see is that if we have a dependency in /tools/mod
that is also used in other submodule (i.e., github.com/gogo/protobuf
, go.etcd.io/raft/v3
, github.com/grpc-ecosystem/grpc-gateway/v2
), our CI check pull-etcd-verify
(verify-dep
), will fail because the dependencies won't be at the same version.
Link to #18925. |
Concerning tools update it seems more appropriate to update only direct dependencies.
They can also be grouped in one PR update.