action #157369
closedcoordination #154768: [saga][epic][ux] State-of-art user experience for openQA
coordination #157510: [epic] Up-to-date JavaScript stack
Handle all node dependabot updates, not just security updates in our usual work processes
Description
Motivation¶
With #155410 resolved we have dependabot updates in https://github.com/os-autoinst/openQA/, actually already for all node updates, not just security updates. But we need to help dependabot on getting the updates done, e.g. update our code and tests so that they cope with a newer version. For trivial cases we already have dependabot creating the pull request and mergify eventually merging it after a wait time of multiple days. For the cases where CI tests fail we need people to push code changes. Maybe just mention it on https://progress.opensuse.org/projects/qa/wiki/tools that we should support such pull requests, set aside work time to support those updates and in cases where it's becoming too much effort just create an according ticket for each pull request that needs more work.
Acceptance criteria¶
- AC1: The team is confident how to handle dependabot updates as part of their daily work
Suggestions¶
- Add on an appropriate place on progress.opensuse.org/projects/qa/wiki/tools how to handle such updates
- Tell everyone from the team, ask them for feedback, adjust
Updated by okurz 9 months ago
- Due date set to 2024-04-08
- Status changed from New to In Progress
In https://progress.opensuse.org/projects/qa/wiki/Tools/diff?utf8=%E2%9C%93&commit=View+differences&version=393&version_from=392 I added an explicit description of what is expected from team members, in particular "Offer development help for people contributing to those projects, […] offer to continue developing, help to fix CI tests, dependabot updates, etc."
So with that I would like to try it out with the team that we provide the necessary work to get those dependabot updates merged without needing extra tickets.
Updated by livdywan 9 months ago
I was unsure at first. Now if I consider dependabot PR's like those of human contributors who need help to get their changes ready to be merged it feels pretty normal. And we still have the option of creating a ticket if something's not obvious enough to come up with a fix right away.
Might be good to bring up in the coordination call.