Set up automated dependency updates (OSOE-815) #703

Open
Piedone opened this issue Feb 15, 2024 · 0 comments

Piedone commented Feb 15, 2024

Set up some kind of automation to update NPM and NuGet dependencies in all OSOCE projects. If we really want to get fancy, then perhaps Docker dependencies (if we have any directly used ones, e.g. ZAP is not an easy case) as well as dotnet tools (see e.g. this) too.

  • This needs to cover the projects directly in this repo, both in the OSOCE and NuGetTest solutions, as well as all referenced submodules. Once we have a working approach, we'll use it in all non-OSOCE and closed-source apps too.
  • Dependabot can do this. However, we have dozens of repos where we don't want to duplicate configuration, and it seems Dependabot's configs can't be DRY (though there are workarounds).
  • Renovate looks like a good tool too, and it supports DRY config as well.
  • We don't want to get too many such PRs, since ultimately, all of them need to be reviewed by a human, perhaps also tested, and in the case of submodules, integrated into OSOCE. So, e.g. make it check dependencies once a month?
  • It should be possible to keep submodules on the latest minor version of OC (e.g. 2.1.0) instead of forcing them to the latest patch version (e.g. 2.1.3).

Jira issue

@github-actions github-actions bot changed the title Set up automated dependency updates Set up automated dependency updates (OSOE-815) Feb 15, 2024
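
As an added illustration (not part of the issue and not the project's own configuration), the requirements listed above could map onto a shared Renovate preset like the following. The repository name `example-org/renovate-config` is a placeholder, and the package pattern assumes "OC" refers to NuGet packages whose IDs start with `OrchardCore`.

```json5
// default.json5 in a central config repository (placeholder: example-org/renovate-config).
// Each consuming repository then only needs a renovate.json5 containing:
//   { extends: ["github>example-org/renovate-config"] }
// which keeps the per-repo configuration DRY.
{
  $schema: "https://docs.renovatebot.com/renovate-schema.json",

  // Built-in presets: sensible defaults plus a once-a-month update window,
  // so reviewers are not flooded with PRs.
  extends: ["config:recommended", "schedule:monthly"],

  // Limit the scope to the ecosystems named in the issue.
  enabledManagers: ["npm", "nuget"],

  // Every update PR must be reviewed (and possibly tested) by a human.
  automerge: false,

  // Cap the number of simultaneously open update PRs per repository.
  prConcurrentLimit: 5,

  packageRules: [
    {
      // Batch all non-major updates into one PR per ecosystem to reduce review load.
      matchUpdateTypes: ["minor", "patch"],
      groupName: "non-major dependencies",
    },
    {
      // Assumption: "OC" packages are NuGet packages named OrchardCore*.
      // Disabling patch updates lets a project stay on e.g. 2.1.0 instead of
      // being pushed to 2.1.3, while minor and major updates are still proposed.
      // Later rules override earlier ones, so this wins over the grouping rule.
      // (Recent Renovate releases express this pattern via matchPackageNames.)
      matchManagers: ["nuget"],
      matchPackagePatterns: ["^OrchardCore"],
      matchUpdateTypes: ["patch"],
      enabled: false,
    },
  ],
}
```

Since the preset is pulled from another repository on every run, write access to that repository should be restricted as tightly as write access to the projects that extend it.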