Project

General

Profile

Actions
Copy link

action #157369

closed

coordination #154768: [saga][ux] State-of-art user experience for openQA

coordination #157510: [epic] Up-to-date JavaScript stack

Handle all node dependabot updates, not just security updates in our usual work processes

Added by okurz about 1 month ago. Updated 22 days ago.

Status:
Resolved
Priority:
Low
Assignee:
okurz
Category:
Feature requests
Target version:
Ready
Start date:
2024-01-05
Due date:
% Done:

0%

Estimated time:

Description

Motivation

With #155410 resolved we have dependabot updates in https://github.com/os-autoinst/openQA/, actually already for all node updates, not just security updates. But we need to help dependabot on getting the updates done, e.g. update our code and tests so that they cope with a newer version. For trivial cases we already have dependabot creating the pull request and mergify eventually merging it after a wait time of multiple days. For the cases where CI tests fail we need people to push code changes. Maybe just mention it on https://progress.opensuse.org/projects/qa/wiki/tools that we should support such pull requests, set aside work time to support those updates and in cases where it's becoming too much effort just create an according ticket for each pull request that needs more work.

Acceptance criteria

  • AC1: The team is confident how to handle dependabot updates as part of their daily work

Suggestions

  • Add on an appropriate place on progress.opensuse.org/projects/qa/wiki/tools how to handle such updates
  • Tell everyone from the team, ask them for feedback, adjust
Actions
Copy link
 #2

Updated by okurz about 1 month ago

  • Private changed from Yes to No
Actions
Copy link
 #3

Updated by okurz about 1 month ago

  • Parent task set to #157510
Actions
Copy link
 #4

Updated by okurz about 1 month ago

  • Target version changed from Tools - Next to Ready
Actions
Copy link
 #5

Updated by okurz about 1 month ago

  • Subject changed from Handle all node dependabot updates, not just security updates to Handle all node dependabot updates, not just security updates in our usual work processes
  • Description updated (diff)
  • Assignee set to okurz
Actions
Copy link
 #6

Updated by okurz about 1 month ago

  • Due date set to 2024-04-08
  • Status changed from New to In Progress

In https://progress.opensuse.org/projects/qa/wiki/Tools/diff?utf8=%E2%9C%93&commit=View+differences&version=393&version_from=392 I added an explicit description of what is expected from team members, in particular "Offer development help for people contributing to those projects, […] offer to continue developing, help to fix CI tests, dependabot updates, etc."

So with that I would like to try it out with the team that we provide the necessary work to get those dependabot updates merged without needing extra tickets.

Actions
Copy link
 #7

Updated by okurz about 1 month ago

  • Status changed from In Progress to Feedback
Actions
Copy link
 #8

Updated by livdywan 23 days ago

I was unsure at first. Now if I consider dependabot PR's like those of human contributors who need help to get their changes ready to be merged it feels pretty normal. And we still have the option of creating a ticket if something's not obvious enough to come up with a fix right away.

Might be good to bring up in the coordination call.

Actions
Copy link
 #9

Updated by okurz 22 days ago

  • Due date deleted (2024-04-08)
  • Status changed from Feedback to Resolved

Process works.

Actions
Copy link

Also available in: Atom PDF