
Dependabot

Song Zheng edited this page Dec 26, 2021 · 8 revisions


To keep our packages updated, we use dependabot to send pull requests to our repo automatically every time there is an update.

In the image below, there are 2 scenarios:

  • Passing - The update passes our deployment and test checks, so it has a low risk of breaking our builds. After 2 approvals it can be merged.
  • Failing - This is a breaking update that causes either our tests or deployment to fail. To remedy this, you have to pull the change into your development environment, make fixes, then send up a new pull request (and close the dependabot pull request). Full steps are below.

[Image: dependabot]

Fixing Breaking Builds

[Image: dependabot branch]

  1. To understand what may have caused the build to fail, it helps to look at the release notes.
  2. Copy the dependabot branch name (screenshot above).
  3. Run git fetch upstream dependabot-branch-name to download the dependabot branch.
    • You may have to replace upstream and dependabot-branch-name with the remote name you set for your main repo's upstream and the name of the dependabot branch, respectively.
  4. Now that you have the code locally, run the tests and make the appropriate fixes.
  5. Send up a pull request and ask in channel for a review.
  6. Once your pull request is merged in, close the failing dependabot pull request.
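
Steps 2 to 4 as a shell function, added here as an example and not part of the original wiki page. It assumes the main repo's remote is named upstream (override it with the second argument); the fix/ branch prefix is a hypothetical naming choice.

```shell
#!/bin/sh
# Added example, not part of the original wiki page.
# Assumptions: the main repo's remote is "upstream" unless a second argument
# is given; the local "fix/" branch prefix is a hypothetical naming choice.

# fetch_dependabot_branch <dependabot-branch-name> [remote]
# Fetches the dependabot branch, checks it out as fix/<name>, and prints the
# files it changes relative to the commit you were on.
fetch_dependabot_branch() {
    branch=$1
    remote=${2:-upstream}

    if [ -z "$branch" ]; then
        echo "usage: fetch_dependabot_branch <branch> [remote]" >&2
        return 2
    fi
    # Fail early if the remote name is wrong (check with: git remote -v).
    if ! git remote get-url "$remote" >/dev/null 2>&1; then
        echo "remote '$remote' is not configured" >&2
        return 1
    fi
    start=$(git rev-parse HEAD) || return 1

    # Fetch into an explicit remote-tracking ref so there is a named ref to
    # branch from, whatever refspec the remote is configured with.
    git fetch "$remote" \
        "refs/heads/$branch:refs/remotes/$remote/$branch" || return 1

    # --no-track keeps the fix branch from being tied to the dependabot
    # branch, so a later push goes where you point it explicitly.
    git checkout --no-track -b "fix/$branch" \
        "refs/remotes/$remote/$branch" || return 1

    # List what the update touched before running the tests.
    git diff --name-only "$start...HEAD"
}
```

After it returns you are on the fix branch with the dependabot commit checked out; run the tests, commit your fixes there, and push that branch for the new pull request.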