Detect new ecosystems #108

Closed
ghost opened this issue Apr 25, 2024 · 4 comments · Fixed by #140
Labels
enhancement New feature or request

Comments

@ghost

ghost commented Apr 25, 2024

Is your feature request related to a problem?

If you have a dependabot.yml with config for e.g. ecosystem maven, then add a new ecosystem in the same project (i.e. npm), then evergreen won't try to update dependabot.yml to include npm.

Describe the solution you'd like

A new PR/Issue should be created when a project contains a dependabot.yml-file, but with missing ecosystems.

Describe alternatives you've considered

No response

Additional context

No response

@ghost ghost added the enhancement New feature or request label Apr 25, 2024
@ghost
Author

ghost commented Apr 25, 2024

A better example may be the github-actions ecosystem, which is easy to forget when creating a dependabot.yml. We have numerous projects that currently don't have a pipeline, only source code.
This action will helpfully tell us that we're missing dependabot for i.e. maven or npm ecosystem. When we later add a pipeline to build & deploy the project, this action sadly won't tell us that we're missing the github-actions ecosystem.

@jmeridth
Member

jmeridth commented Apr 25, 2024

@vidwah-nte Great idea. Thank you for sharing.

May be able to tie this in with #29

Update:
And #4 (closed now as duplicate) (thanks @zkoppert for mentioning that to me)

@zkoppert
Member

Thank you for suggesting this! I agree this is a very valuable change that we would love to have for our use at GitHub as well. One implementation detail to keep in mind here is that we don't want to repeatedly ask every time the tool runs for them to add an ecosystem that they have previously been asked about, so we will need to ensure we are properly detecting closed PRs around those and skipping those. Could get a little tricky but still a solvable problem.

@ghost
Author

ghost commented Apr 26, 2024

An alternative to checking whether there's already been a PR (for ecosystems people don't want in their project) is to instruct users to comment out ecosystems (but leave them in the dependabot.yml file). That, or instructing users to add some sort of # evergreen-ignore-ecosystems: maven,npm annotation in the dependabot.yml file.
This might be easier to implement rather than going through PRs in the project.
Not going to argue this is a better solution, I'll just add it as a possibility to be considered.
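
One way to implement the check discussed in this thread, as an added example that is not code from evergreen or from any commenter: it infers ecosystems from repository file paths, reads the package-ecosystem entries in dependabot.yml, and treats both commented-out entries and the proposed evergreen-ignore-ecosystems annotation as opt-outs. The function names, the manifest map and the sample input are assumptions, and the annotation is only the proposal from the last comment, not an implemented feature.

```python
import re
from pathlib import PurePosixPath

# Manifest file name -> Dependabot package-ecosystem value (small subset).
MANIFESTS = {"pom.xml": "maven", "package.json": "npm",
             "requirements.txt": "pip", "go.mod": "gomod"}
# An optional leading "#" (group 1) marks an entry the user commented out.
ENTRY = re.compile(r"""^\s*(#\s*)?-?\s*package-ecosystem:\s*["']?([\w-]+)""")
# Hypothetical annotation proposed in the thread; not an evergreen feature.
IGNORE = re.compile(r"^\s*#\s*evergreen-ignore-ecosystems:\s*(.+)$")

def detect_ecosystems(paths):
    """Infer ecosystems from repository file paths."""
    found = set()
    for p in map(PurePosixPath, paths):
        if p.name in MANIFESTS:
            found.add(MANIFESTS[p.name])
        if p.parts[:2] == (".github", "workflows") and p.suffix in (".yml", ".yaml"):
            found.add("github-actions")
    return found

def parse_config(text):
    """Return (configured, opted_out) ecosystems from dependabot.yml text."""
    configured, opted_out = set(), set()
    for line in text.splitlines():
        if m := IGNORE.match(line):
            opted_out.update(e.strip() for e in m.group(1).split(",") if e.strip())
        elif m := ENTRY.match(line):
            (opted_out if m.group(1) else configured).add(m.group(2))
    return configured, opted_out

def missing_ecosystems(paths, config_text):
    """Ecosystems present in the repo but neither configured nor opted out."""
    configured, opted_out = parse_config(config_text)
    return sorted(detect_ecosystems(paths) - configured - opted_out)

# Constructed sample input (not from a real repository).
SAMPLE_PATHS = ["pom.xml", "web/package.json", "tools/go.mod",
                "docs/requirements.txt", ".github/workflows/build.yml"]
SAMPLE_CONFIG = """\
# evergreen-ignore-ecosystems: gomod
version: 2
updates:
  - package-ecosystem: "maven"
    directory: "/"
  # - package-ecosystem: "pip"
"""

if __name__ == "__main__":
    print(missing_ecosystems(SAMPLE_PATHS, SAMPLE_CONFIG))
```

Because opt-outs are read from the file itself, the result is the same on every run without consulting closed PRs.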
