From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web10.778.1668193862387732886 for ; Fri, 11 Nov 2022 11:11:02 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=S3Jte0lI; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com) Received: from [192.168.4.22] (unknown [47.201.8.94]) by linux.microsoft.com (Postfix) with ESMTPSA id 8215120B717A; Fri, 11 Nov 2022 11:11:01 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 8215120B717A DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1668193861; bh=c/4wL4WTZp5ZbAEqTqlmQfryc8zQVfn6B3uqIzvbg2k=; h=Date:Subject:To:References:From:In-Reply-To:From; b=S3Jte0lIlc2hD2zMEalTCEmm48K4bIJSuwW2yOyobKs40ZAsj9W4gMNE0cT8/d8si PIvi8IpOvCzhME7a8knFa24a34Q9Z2rFr3r6cHJGGzAtNtOnuTBAzv3vqSplMRJcr0 DGoyLIX9lYNYYrF/HgXYVBEas28FBbA9ye87C/Wk= Message-ID: <6c2a5423-f40f-7bb1-b540-6f0a7519128d@linux.microsoft.com> Date: Fri, 11 Nov 2022 14:10:28 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.13.1 Subject: Re: [edk2-devel] [PATCH v1 1/1] .github/dependabot.yml: Enable dependabot To: devel@edk2.groups.io, michael.d.kinney@intel.com References: <19321.1668180621378143776@groups.io> From: "Michael Kubacki" In-Reply-To: Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable I think that process is reasonable and we can discuss further in the=20 upcoming Tools & CI meeting. For now, I will leave the v1 patch on the mailing list and keep those=20 other commits up for reference. Thanks, Michael On 11/11/2022 1:44 PM, Michael D Kinney wrote: > Hi Michael, >=20 > Thanks for the quick investigation.I have reviewed some of the PRs=20 > generated in your fork by dependabot.The detailed information it=20 > collects and adds to the PR is really good. >=20 > I do notice that some dependencies (such as cmocka) are picking up the=20 > wrong content.I think this is an issue with the cmocka mirror that needs= =20 > to be fixed.We need to review all the dependencies in edk2 repo and make= =20 > sure all those dependencies are compatible with dependabot before=20 > activating it. >=20 > Given that any developer can submit a PR to run EDK II CI, perhaps we do= =20 > not need to treat dependabot any different.Just keep its default labels= =20 > and do not add a do-not-merge label or special comments from mergify. >=20 > Instead, we can depend on EDK II Maintainers to periodically monitor=20 > dependabot PRs and if there is one edk2 should pick up, the EDK II=20 > Maintainer that owns the package with the dependency can pull the=20 > dependebot PR into their fork and update the commit message with=20 > Signed-off-by and Cc tags for EDK II review and resubmit the PR and send= =20 > email patch reviews.If you think this process is reasonable, then we can= =20 > update the EDK II Development Process for this case for Maintainers. >=20 > I think this means your V1 is closer to what we need. >=20 > I recommend you bring this topic along with Maintainer process options=20 > and know edk2 dependabot compatibility issues to the TianoCore Tools/CI= =20 > meeting. >=20 > Thanks, >=20 > Mike >=20 > *From:*devel@edk2.groups.io *On Behalf Of=20 > *Michael Kubacki > *Sent:* Friday, November 11, 2022 7:30 AM > *To:* Kinney, Michael D ; devel@edk2.groups.i= o > *Subject:* Re: [edk2-devel] [PATCH v1 1/1] .github/dependabot.yml:=20 > Enable dependabot >=20 > Hi Mike, >=20 > It looks like the ability to open draft PRs is not possible at the moment= : > Configure dependabot to create draft PRs =C2=B7 Issue #1291 =C2=B7=20 > dependabot/dependabot-core =C2=B7 GitHub=20 > >=20 > I could not find an ability for dependabot to leave that comment. Though= =20 > I intentionally tried to keep it very similar in the mergify config file= =20 > to the merge conflict comment action to reduce complexity. >=20 > Thanks for the feedback. Please let me know, if we can proceed with v2=20 > based on these changes. >=20 > Regards, > Michael >=20 >=20