From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com [40.92.18.108]) by mx.groups.io with SMTP id smtpd.web09.428.1668109982789603336 for ; Thu, 10 Nov 2022 11:53:03 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@outlook.com header.s=selector1 header.b=HuWHTkxZ; spf=pass (domain: outlook.com, ip: 40.92.18.108, mailfrom: michael.kubacki@outlook.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gFZ6KApYztilQDkLjYdGM4M+g51rtFgaKKqmyB6Wh9PCK58jZ1xoMbknlRD3VVJaDwz72RJSUjKrONnAaQXusiu7REPH2UCTIb4NYQXfcsqwj3isKpiu7sQGKDcZIEVY4e4j9WEnh7NQN0xDXJBLP7TJ7Camm+FYY87zSDcL/RgmD2rtS7gYuJmIGzkaVfvG6OTXoKihKotMjjh41IQyUksg/2ALL5IRnLp1sK4AGMmikRkVYOhyJZsBk1cfAEOr1bbGisBY8mX+z2WOtYiP3G4D6VlfqXfZ8y1qSIxb4z0xE+fBtXifzvJSPHMcXPKJeC73TcY3USlB42ZMt6GCpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tExYyXIRCCnSsFpBoFmAwbN75bAT/plt7Km8+ARoSbI=; b=Lf8Fy23opekKWASgY/eWBPYlSdXXK2kqduQVXVdT0DGDGJO7sRq0rZ6hWz41VEkFKjhEYuz4dZbhHmsRR4FD+FCsNd6xxlHKDxoVGtuKNZETnYKmuny1ccm4BM9r/QOpTsda0wfdO7dkOs/ejOx4sIFQdtfsd/D7QI+ucKvjmruFJ+zuz+GhaCuMjYPcnyJsLeWdcKQTvtgBjfv2fbZRt9sFvxOcZtGoiprkwMGxLnhhPNzppUx1TfdBt5Pgv2SxMYv27c+4LHYl0zq2Fe5x+ttPvvomuQa8bXIpoT2n814Prc7rKoLKbCe6+zKWy/0lL9IC6sru5MvvSv/wTZfZ9Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=tExYyXIRCCnSsFpBoFmAwbN75bAT/plt7Km8+ARoSbI=; b=HuWHTkxZnKxtU8lhJP0zfZFvGK822YdRgVVpmxbCys5mtcCJcudkDowsMkHadTkVKQ8kVKxFzDpxuGU3q1epXHS32cm0u6XeW8AxHx1cQtVEgLnEpN6k0WF7gh93cTCiM/5m18gKQvhGya6jRZLUVP7aogxuIWAsDOviBfXCsmongXDdA2VModo1hRZm72nZsBWglWea9iHOSaPK7XyEyD8VOl9Pq8p7hnVRnf3TT1Ato8RkoQ/19xqlojQlEGM54U2vsRjqNrjIjkCRiq7gioGugWE7/Ze6p8E8sS2/2d3Fhem+bums0ycgsPph3MZ07OrZaQMY6syMhjUqWebtXw== Received: from SN7PR11MB6678.namprd11.prod.outlook.com (2603:10b6:806:26a::20) by BN0PR11MB5696.namprd11.prod.outlook.com (2603:10b6:408:14b::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5791.27; Thu, 10 Nov 2022 19:53:01 +0000 Received: from SN7PR11MB6678.namprd11.prod.outlook.com ([fe80::e839:fbfb:6547:f270]) by SN7PR11MB6678.namprd11.prod.outlook.com ([fe80::e839:fbfb:6547:f270%4]) with mapi id 15.20.5791.027; Thu, 10 Nov 2022 19:53:01 +0000 Message-ID: Date: Thu, 10 Nov 2022 14:52:57 -0500 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2 Subject: Re: [edk2-devel] [PATCH v1 1/1] .github/dependabot.yml: Enable dependabot To: devel@edk2.groups.io, michael.d.kinney@intel.com, "mikuback@linux.microsoft.com" Cc: Sean Brogan References: <20221110134654.422-1-mikuback@linux.microsoft.com> From: "Michael Kubacki" In-Reply-To: X-TMN: [Q0BZyWiMMkDiQRlK60k9daTgZmWPl5cq] X-ClientProxiedBy: CH2PR08CA0019.namprd08.prod.outlook.com (2603:10b6:610:5a::29) To SN7PR11MB6678.namprd11.prod.outlook.com (2603:10b6:806:26a::20) Return-Path: michael.kubacki@outlook.com X-Microsoft-Original-Message-ID: <4e5d6698-e154-52b7-42ab-77b7d8f4dccd@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SN7PR11MB6678:EE_|BN0PR11MB5696:EE_ X-MS-Office365-Filtering-Correlation-Id: 259f60f0-00ad-4888-c6a4-08dac3552c05 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: ipKQhcpW2GiUEycIMjRaPZe207gYz6e4DkxollxFzP6vlboR8UuuTl0vVTttdIMhlAO7CMh4Mcbdm+Grzowomx1+0V75gKDoma3vds9kvwTaBTadJJ75Fp15P52YIRlgIRn+LeMS6qofoV7X2mYzjqDCHJhdNSJxa0H5JERSgt4byWxMdypysFN3S0OWOkU8mTsU0kz+zyXXA/R9la9ObHlu2OVy4ZrBy6DUxFOsrHlbg5y+cS3cejOE5jcB3e6bOHJ+0gMSLKt/6DoLE6twJEybXaF13Ip6sHHMOkq3TaMK4erMl+4ZOKhogBTyLfIq43YQPq+e/xYwwqIQbIBJjjVPLjfAUhFQM6p53j8ET+rRH6XwrUoZfbe69K/BQNUB9MiMdE1cM9rTWOLBM73005XVaFDO+arHGa2fFbQUrIhuyoxXhhAYAreH4bFsgZvtO9JqwC8rOC4WBO8BSYfQx0rxyFMcB4Bgf14Vn3b4gFIhSg9SulyRYudIBzIEVKdYOvy5uw8XGE2L0MRDam1zLoxWsgWBZUbxDVkjWDhiyCJ0F/0xqm5VFfEFBl2jcDrnr2hMDHP+WCMRBwew+oFWcZIdSMBqujifp64l3JwtcWS2To7XNhHVIrBFW8y5J9K1yHfMf9LGLoWAKPt61xiTmhIQukftSDDF0P+Nkp4R0/7IOpJJhXEILK+wE1QbI46Wc+LtyP1jLwurmLaJsSrfUA== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?MHZibFhRdTNuSmZuT2NvaUgrSUlDSXE1RkpOSHIzVFpUQnNnNHRoTTdhMHpU?= =?utf-8?B?dkJzeEhSWW5ndGRjMU95eDVMemlSUm1aZzlDRWFtbDBEazkvRkF2QnBRcEFZ?= =?utf-8?B?MlFPZWxQVDg4RFIrMGxDcFRad2RQVW5nQUlQZ09zRjhzMUhvRkIyNDB0aURL?= =?utf-8?B?bkt3ME1pb1dwWFhDZ09MdlJsdFFGWklPNHJvMWZKVjVFNDNNS2JOeXhUdXZV?= =?utf-8?B?OWpmU09PdkJlS2toc2JMQkpzbXVkdzh0NnRaZ2pUSTNpU2RVUU45YXVXMEU1?= =?utf-8?B?NWwyV2xWNjRLbjRIeWdIVnNCN0lDMTArWG0zWFM2MFdsK0JxZnYwaWxpbDVj?= =?utf-8?B?bDFuUTAweExjRVB2S3REN2srUVA1NnROdndzTXg2NWg5amt1eU94WWN4Ylps?= =?utf-8?B?ZCsrb0JXczgwYW1FcS9YemlxNElXRE5zeEZmR3BoRUhldWdoZDY5aTRNcDhU?= =?utf-8?B?aUdnWElCS0k5WXlaUjRwY3BBY2lhdnVmVVdsdDZFeThZYmJQUUF0eVR6VHB2?= =?utf-8?B?RSszVHdTQTRjaUcxbWx3RDA0VCtucHpZMjgwNFNONm4rQkgwcnlZQnZBR21C?= =?utf-8?B?L2NKREQ3QzVPM1RpaGxEY0RRWHMxRHhKWWVZOFNPeEJuVEU3L2g0bTNLdGY2?= =?utf-8?B?dmNOdStDMHRKY1dCdlMzbHdXckFJK3BGcER1dDdrVkRpT3dWRVVSY3NRRHNS?= =?utf-8?B?MlF5SCs1SmpDUUdFUkZTMytaWnVqdW5uVGordmZrOVBnUFpqZ0psaVdZS1Bw?= =?utf-8?B?MlpJQ2JPU21qZkt5U2dDWWdhaEpQR24yUkp5TnAyL0k3a29rTVpZdkZhRENR?= =?utf-8?B?VjQ4SzFoQTRIVDR4NzlvSjJ2ZDBhZkVnREViT09mTEJYUXNnajhQbWdtamc2?= =?utf-8?B?ZXhaeCtCS0o0UVNoU1JpWXE5bXRHVHBabHMrRy9aMXJIeU1meDZuU2sybVVn?= =?utf-8?B?ZFN4ZUw4ejBObEkxQmhTYzVPQmJ0Zkg2azkweUZJdktxYzRoUWNISmJSV0l1?= =?utf-8?B?aHhFZGMybFhUdHVpbkYxaEJHb1lONDFob05kVmRqZmlRTmtBVTlxdlZEVGZu?= =?utf-8?B?RmEzM0VTdGZtOXZpeDBCQWIvcmE0UXNTQXhhN1cwV25VS0ZHUW5UK3JqVXpq?= =?utf-8?B?emFlUHdWeUdDY21Va2Z5UDBSVWFMYVFvRnVMVWZoZW0yaHAwbDhMdUJmRmto?= =?utf-8?B?bXgzMXd0cDlJS3dUQ1hnRVV4L09TZ1A3djR5WWhPQmFod1RvU2tnVWhGYlBn?= =?utf-8?B?RU5wTWs1WHlWNkVKNXZzT0xWa3JMbjV4RHAya3krU08wck02N2IwS0FsZXNR?= =?utf-8?B?VjZBWS9jUVNPSWMrVm52U0JTV0hGbUgrWno0NXF5dmFtNW5ZTyszazdEbEdL?= =?utf-8?B?N3l1OUE0V0ZqbmpqRnQ0bkRmQU4rQ05BMUtUSFdIQnUrckxxeVVUanNhbmYy?= =?utf-8?B?UElNdnE2ZkN4Rzd1Wm9Bblp4eEdyRHRaQmVWQUFEMDkyc0NtZXRhTHdXamtW?= =?utf-8?B?YUxyQzgvaXFXa1IzaWJGUzJPa3RHL1NGZ2F0T3dNOXREbTF2Uk9aVmFMTUEx?= =?utf-8?B?TUg4bTNLU3FCNjNkNUgyMjZOUGEvSytPb0hINU43NzNZNkU3a1o2RHNnQjRo?= =?utf-8?B?VElEcHlsNjZ0TmZZeGVGQ0ZWbWRzT3pZTTcvSUE2RWd4SXNzMUJsc0JTU1dr?= =?utf-8?B?ZStIcHJUUXdTR280YUJRQXpvdlBod1ZBS0gyOXFFdFZWL1dWRVMrTkZmdzJ1?= =?utf-8?Q?DisbqsQhqYoDXq90Sw=3D?= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 259f60f0-00ad-4888-c6a4-08dac3552c05 X-MS-Exchange-CrossTenant-AuthSource: SN7PR11MB6678.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Nov 2022 19:53:01.0328 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN0PR11MB5696 Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hi Mike, One thing that comes to mind, is I can have the PR from dependabot automatically have a label added (e.g. "do-not-merge") and then update the mergify configuration to prevent merging of PRs with that label. I can also have a comment automatically added to the PR that explains it is only for reference. I made this changes on my fork in the following commits. What do you think? - Branch: https://github.com/makubacki/edk2/commits/enable_dependabot - Commit 1: https://github.com/makubacki/edk2/commit/7c8331885a9e052084cfdb5d40c845a0efd77248 - Commit 2: https://github.com/makubacki/edk2/commit/48be17075903cfc5278fd9bb031b965954d15bbb Thanks, Michael On 11/10/2022 11:44 AM, Michael D Kinney wrote: > Hi Michael, > > Thanks. This feature is really useful to help keep our dependencies up to date. > > For the EDK II Development Process, the PRs produced by dependabot would only > be informative and would never be merged directly. How do we mark these PRs > so they are never merged directly with a "push" label? > > The EDK II Maintainers can monitor these PRs and when there is something that > needs to be updated, a developer can produce patches and send reviews > with required Signed-off-by and Reviewed-by tags in the commit message. > > Thanks, > > Mike > >> -----Original Message----- >> From: devel@edk2.groups.io On Behalf Of Michael Kubacki >> Sent: Thursday, November 10, 2022 5:47 AM >> To: devel@edk2.groups.io >> Cc: Sean Brogan ; Kinney, Michael D >> Subject: [edk2-devel] [PATCH v1 1/1] .github/dependabot.yml: Enable dependabot >> >> From: Michael Kubacki >> >> Enables dependabot in this repo so we can better alerted when >> dependency updates are available. >> >> This GitHub action will automatically create pull requests and >> summarize the dependency details. Because it is a pull request, >> the CI system will validate the dependency update in the pull >> request. >> >> Configures dependabot for: >> >> 1. PIP module updates >> 2. Submodule updates >> 3. GitHub action updates >> >> The maintainers/reviewers of the .github directory were added as >> pull request reviewers so they can be notified when the pull request >> is available. >> >> Cc: Sean Brogan >> Cc: Michael D Kinney >> Signed-off-by: Michael Kubacki >> --- >> >> Notes: >> An example of the pull requests created by this change >> are available on my edk2 fork: >> >> https://github.com/makubacki/edk2/pulls >> >> .github/dependabot.yml | 45 ++++++++++++++++++++ >> 1 file changed, 45 insertions(+) >> >> diff --git a/.github/dependabot.yml b/.github/dependabot.yml >> new file mode 100644 >> index 000000000000..7f405721fd3d >> --- /dev/null >> +++ b/.github/dependabot.yml >> @@ -0,0 +1,45 @@ >> +## @file >> +# Dependabot configuration file to enable GitHub services for managing and updating >> +# dependencies. >> +# >> +# Copyright (c) Microsoft Corporation. >> +# SPDX-License-Identifier: BSD-2-Clause-Patent >> +# >> +# Please see the documentation for all configuration options: >> +# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates >> +## >> +version: 2 >> +updates: >> + - package-ecosystem: "pip" >> + directory: "/" >> + schedule: >> + interval: "daily" >> + commit-message: >> + prefix: "pip" >> + reviewers: >> + - "makubacki" >> + - "mdkinney" >> + - "spbrogan" >> + >> + - package-ecosystem: "gitsubmodule" >> + directory: "/" >> + schedule: >> + interval: "daily" >> + commit-message: >> + prefix: "submodule" >> + reviewers: >> + - "makubacki" >> + - "mdkinney" >> + - "spbrogan" >> + >> + - package-ecosystem: "github-actions" >> + directory: "/" >> + schedule: >> + interval: "weekly" >> + day: "monday" >> + commit-message: >> + prefix: "GitHub Action" >> + reviewers: >> + - "makubacki" >> + - "mdkinney" >> + - "spbrogan" >> -- >> 2.28.0.windows.1 >> >> >> >> -=-=-=-=-=-= >> Groups.io Links: You receive all messages sent to this group. >> View/Reply Online (#96187): https://edk2.groups.io/g/devel/message/96187 >> Mute This Topic: https://groups.io/mt/94935824/1643496 >> Group Owner: devel+owner@edk2.groups.io >> Unsubscribe: https://edk2.groups.io/g/devel/unsub [michael.d.kinney@intel.com] >> -=-=-=-=-=-= >> > > > > > >