Skip to content

Maintenance: ignore available updates for CDK v2 and reduce frequency of new PRs #672

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
saragerion opened this issue Mar 18, 2022 · 3 comments · Fixed by #766
Closed

Maintenance: ignore available updates for CDK v2 and reduce frequency of new PRs #672

saragerion opened this issue Mar 18, 2022 · 3 comments · Fixed by #766
Assignees
@dreamorosi
Labels
automation This item relates to automation completed This item is complete and has been merged/shipped good-first-issue Something that is suitable for those who want to start contributing
Milestone
production-ready-...

Comments

@saragerion
Copy link
Contributor

saragerion commented Mar 18, 2022
edited
Loading

Description of the feature request

Context - Dependabot
We use dependabot for version updates:
https://docs.github.com/en/code-security/dependabot/dependabot-version-updates

Our current dependabot configuration can be found here:
https://github.com/awslabs/aws-lambda-powertools-typescript/blob/main/.github/dependabot.yml
Our team merges or rejects PRs automatically opened by the dependabot around once a week (usually on Fridays).

We need to update our current dependabot configuration to reduce the number of PRs open at once, especially the ones we don't need.

Problem statement

Problem 1:
As stated in our Contributing guidelines, we use AWS CDK v1 library and not v2 due to this limitation.

Right now we receive a lot of PRs requests opened by the dependabot, to update CDK dependencies to the v2 versions. This adds a lot of noise and requires the continuous action of closing/ignoring those PRs.

Problem: 2
Since we merge dependabot PRs once a week but the dependabot PRs are created daily, this results in a lot of PRs being opened every day that add a lot of noise and pollution to our PR list.

Summary of the feature

[] Reduce the frequency of PRs from daily to weekly (ideally on a thursday)
[] Ignore version updates for dependecies related to CDK v2.

Code examples

Github docs: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#specifying-dependencies-and-versions-to-ignore

Benefits for you and the wider AWS community

Maintainers more focused and less distracted.

Describe alternatives you've considered

N/A

Additional context

N?A

Related issues, RFCs

aws/aws-cdk#18211
@saragerion saragerion added good-first-issue Something that is suitable for those who want to start contributing triage This item has not been triaged by a maintainer, please wait labels Mar 18, 2022
@saragerion saragerion added this to the production-ready-release milestone Mar 18, 2022
@saragerion saragerion added utility:all automation This item relates to automation labels Mar 18, 2022
@dreamorosi
Copy link
Contributor

Just an additional nuance to complement the CDK topic: we are using CDK v1 in the integration tests of the utilities (i.e. under packages/logger/tests/e2e/), this is rolled up into the package.json & package-lock.json in the root of the project (here).

We are instead using CDK v2 the examples (under examples/cdk), this dependency is instead tracked in examples/cdk/package.json (since the examples are not part of the npm workspace.

@dreamorosi dreamorosi self-assigned this Apr 14, 2022
@dreamorosi
Copy link
Contributor

First part of this issue has already been addressed in #676 so we are not using CDK v1 anymore in this repo.

@dreamorosi dreamorosi mentioned this issue Apr 14, 2022
Merged
5 tasks
@dreamorosi dreamorosi linked a pull request Apr 14, 2022 that will close this issue
chore: updated depdendabot configs #766
Merged
5 tasks
@github-actions
Copy link
Contributor

⚠️ COMMENT VISIBILITY WARNING ⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@dreamorosi dreamorosi removed the triage This item has not been triaged by a maintainer, please wait label Oct 19, 2022
@dreamorosi dreamorosi changed the title Feature (dependabot): ignore available updates for CDK v2 and reduce frequency of new PRs Maintenance: ignore available updates for CDK v2 and reduce frequency of new PRs Nov 14, 2022
@dreamorosi dreamorosi added the completed This item is complete and has been merged/shipped label Nov 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dreamorosi dreamorosi

Labels
automation This item relates to automation completed This item is complete and has been merged/shipped good-first-issue Something that is suitable for those who want to start contributing
Projects
None yet
Milestone
production-ready-release
Development

Successfully merging a pull request may close this issue.

chore: updated depdendabot configs aws-powertools/powertools-lambda-typescript
2 participants
@dreamorosi @saragerion