Conversation
brrygrdn
force-pushed
the
brrygrdn/prototype-grouping-updates
branch
2 times, most recently
from
6ab5bec to
9d96116
Compare
| all_updated_deps = update_batch.values.flatten | ||
| logger_info("Updated #{all_updated_deps.count} dependencies") | ||
| updated_files = generate_dependency_files_for(all_updated_deps) | ||
|
|
||
| create_pull_request(all_updated_deps, updated_files, pr_message(all_updated_deps, updated_files)) |
There was a problem hiding this comment.
This passes existing tests but is too naive to work under most circumstances, this is where we need to replicate the iterative file changes from the dry-run prototype.
@bdragon I think this is essentially where the control plane for the underlying file system would be, with generate_dependency_files_for being executed per row of update_batch.values and the outcome resulting in either a git commit or git clean.
| # FIXME: This file is a copy-paste of `spec/dependabot/updater_spec.rb` | ||
| # | ||
| # The intent is to run the tests for existing behaviour without the churn | ||
| # of refactoring the existing tests into shared examples until we know | ||
| # how the code is going to decompose | ||
| # | ||
| # Tests that don't apply or work properly for grouped updates are skipped | ||
| # rather than deleted, and new group-specific tests are added under the | ||
| # `run_grouped` block. |
There was a problem hiding this comment.
As noted, this test is a fork of the existing tests as just acts as a plumb-line for how much coverage we have on the new code, what is currently side-stepped, etc as a way to heatmap where we need to bring up coverage before we start changing the 'real' implementation.
brrygrdn
force-pushed
the
brrygrdn/prototype-grouping-updates
branch
from
0d28b4e to
57068cf
Compare
landongrindheim
left a comment
landongrindheim
left a comment
There was a problem hiding this comment.
Approving to unblock image building workflows 🔓
brrygrdn
force-pushed
the
brrygrdn/prototype-grouping-updates
branch
5 times, most recently
from
b3f6028 to
5e2e416
Compare
Add a mix of TODOS and FIXMES for subsequent changes
The goal of this is to create a safe working space to reimplement Dependabot::Update#run without taking on the need to verify our prototype work as strictly as the production implementation. It is important to fail-fast on our proposed strategy without investing more time in refactoring the existing code to make way for a new architecture that we can't be sure will actually work out.
brrygrdn
force-pushed
the
brrygrdn/prototype-grouping-updates
branch
from
d3cfb96 to
6c7b418
Compare
brrygrdn
force-pushed
the
brrygrdn/prototype-grouping-updates
branch
from
6c7b418 to
bc9976c
Compare
|
Closing this out as superseded by #6884 |
2 participants
The purpose of this is spike is to create an isolated code line to reimplement
Dependabot::Update#runwithout taking on the need to verify our prototype work as strictly as the production implementation.It is important to fail-fast on our proposed strategy and test our service's assumptions about PRs without investing more time in refactoring the existing code to make way for a new architecture that we can't be sure will actually work out.
This should not be considered indicative of the final architecture
The Approach
This spike explores grouping in a naive, ecosystem-agnostic way by using the
Dependabot::Updaterclass to drive collecting up the Dependency changes required by a particular group rule - for now we assume a rule of '*', i.e. group everything - and then executing a singleFileUpdaterand PR creation invocation on the aggregate changes.For purposes of simplicity, we have disabled concerns around managing the lifecycle of PRs, i.e. superseding and rebasing existing PR, as well as set aside Security-only update strategies since they are already special-cased.
Goals
updater/code to improve quality, test coverage, etcDependabot::Updaterto better isolate theUpdateCheckerandFileUpdatersteps to break the assumption they are always 1:1common/libto in order to test our hypothesis without waiting on (1) and (2) to shipNon-goals
dry-runscriptdry-runscript as part of an earlier experimentDependabot::Updaterarchitecture we will figure out how to best maintain thedry-runscript as the two overlap heavily