[Numpy-discussion] Allowing Dependabot access to the numpy repo
Matti Picus
matti.picus at gmail.com
Sun Sep 1 03:46:47 EDT 2019
Discussion has died down, I think the consensus is to use Dependabot. I
will proceed with allowing it access.
Thanks,
Matti
On 29/8/19 12:07 pm, Nathaniel Smith wrote:
> AFAICT all these services work by creating branches inside your repo
> and then making a PR from that – they don't make their own forks.
> (Which makes some sense when you consider they would need tens of
> thousands of forked repos for all the projects they work with.)
>
> I don't think there's any need to worry about giving GitHub Inc. (dba
> Dependabot) write permissions to a GitHub repo, though.
>
> You do maybe want to set up CI so that it doesn't run on these
> branches, since it will also run on the PRs, and running CI twice on
> the same branch is slow and wasteful.
>
> -n
>
> On Thu, Aug 29, 2019, 01:45 Ryan May <rmay31 at gmail.com> wrote:
>
> Hi,
>
> The answer to why Dependabot needs write permission seems to be to
> be able to work with private repos:
>
> https://github.com/dependabot/feedback/issues/22
>
> There doesn't seem to be any way around it... :(
>
> Ryan
>
> On Thu, Aug 29, 2019 at 12:04 AM Matti Picus
> <matti.picus at gmail.com> wrote:
>
> In PR 14378 https://github.com/numpy/numpy/pull/14378 I moved
> all our python test dependencies to a test_requirements.txt
> file (for building numpy the only requirement is cython). This
> is worthy since it unifies the different "pip install"
> commands across the different CI systems we use. Additionally,
> there are services that monitor the file and will issue a PR
> if any of those packages have a new release, so we can test
> out new versions of dependencies in a controlled fashion.
> Someone suggested Dependabot (thanks Ryan), which turns out to
> be run by a company bought by github itself.
>
>
> When signing up for the service, it asks for permissions:
> https://pasteboard.co/IuTeWNz.png. The service is in use by
> other projects like cpython. Does it seem OK to sign up for
> this service?
>
>
> Matti
>
> _______________________________________________
> NumPy-Discussion mailing list
> NumPy-Discussion at python.org <mailto:NumPy-Discussion at python.org>
> https://mail.python.org/mailman/listinfo/numpy-discussion
>
>
>
> --
> Ryan May