Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: group tools/mod updates and update only direct dependencies #18992

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

mmorel-35
Copy link
Contributor

Concerning tools update it seems more appropriate to update only direct dependencies.
They can also be grouped in one PR update.

@k8s-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mmorel-35
Once this PR has been reviewed and has the lgtm label, please assign ivanvc for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot
Copy link

Hi @mmorel-35. Thanks for your PR.

I'm waiting for a etcd-io member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@mmorel-35 mmorel-35 changed the title chore: group tools/mod and update only direct dependencies chore: group tools/mod updates and update only direct dependencies Dec 3, 2024
Copy link

codecov bot commented Dec 3, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.80%. Comparing base (c1171da) to head (d5b952d).

Current head d5b952d differs from pull request most recent head ad76095

Please upload reports for the commit ad76095 to get more accurate results.

Additional details and impacted files

see 27 files with indirect coverage changes

@@            Coverage Diff             @@
##             main   #18992      +/-   ##
==========================================
+ Coverage   68.77%   68.80%   +0.02%     
==========================================
  Files         420      420              
  Lines       35623    35623              
==========================================
+ Hits        24500    24509       +9     
+ Misses       9694     9691       -3     
+ Partials     1429     1423       -6     

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c1171da...ad76095. Read the comment docs.

@ahrtr
Copy link
Member

ahrtr commented Dec 4, 2024

/ok-to-test

@mmorel-35
Copy link
Contributor Author

/test pull-etcd-integration-1-cpu-amd64

Comment on lines 21 to 25
- dependency-type: direct
groups:
tools-mod:
patterns:
- "*"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems reasonable to me, most of our purely indirect dependencies come from tools so we end up closing them. Thanks for proposing it @mmorel-35, it should reduce weekly spam pr's. What do you think @ivanvc?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this PR has some overlap with the work from issue #18925.

That aside, I tested it in my fork, and it seems like dependabot is tidying the module correctly (ivanvc#450), as there is only a single directory specified (it looks like the tidying bug is only present when there is more than one directory specified).

The only potential risk I see is that if we have a dependency in /tools/mod that is also used in other submodule (i.e., github.com/gogo/protobuf, go.etcd.io/raft/v3, github.com/grpc-ecosystem/grpc-gateway/v2), our CI check pull-etcd-verify (verify-dep), will fail because the dependencies won't be at the same version.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An alternative would be first to merge the manual updates (including updating /tools/mod dependencies that are used in other modules). Then, wait for dependabot to update the grouped pull request. Finally, we could merge the grouped /tools/mod PR.

Even though it can be an alternative, it may not be viable (as just writing the steps in the previous paragraph took me a while to ensure I got it right). This alternative could also be potentially confusing, and instead of decreasing the toil, it could possibly increase it 😅... But I'm trying to think of alternatives to make this work.

Copy link
Member

@ivanvc ivanvc Dec 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, I'm in favor of keeping dependency-type: direct but dropping the group. What do you think, @jmhbnz?

It reduces the spam (and somewhat minimizes the toil), but we'll need to keep the manual process as is.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good to me, let's go with just the dependency-type: direct for this pr @mmorel-35.

@ivanvc
Copy link
Member

ivanvc commented Dec 5, 2024

Link to #18925.

@k8s-ci-robot
Copy link

@mmorel-35: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-etcd-verify d5b952d link true /test pull-etcd-verify

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging this pull request may close these issues.

5 participants