-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add --upgrade
to ./hack/update-deps.sh
#2133
Conversation
Hi @mattmoor. Thanks for your PR. I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@vdemeester thoughts? I'd like to enable our automation to keep you folks closer to HEAD (and us aware of Tekton breakages). |
Triggers needs something similar, but I wanted to discuss things here first 😉 |
/ok-to-test
This I like. @mattmoor do you plan to have a bot that tries that ? It will only try release version or master ? (I am less a fan of upgrading daily to master knative/pkg but having something that upgrade to new release automatically is something I would like 👼) |
@vdemeester This fast forwards branch dependencies, so master would track HEAD and |
right… we don't have that |
Also with the replace rules, I think |
@vdemeester Correct, knative/pkg does branching not tagging. The replace rules would have to drop for this to be effective, you are right that it is a no-op by itself. That said, IIUC (please correct, I'm a If a breakage were introduced, we would detect it in the automatic PR within a day, and the breakage could either be fixed or the dependency pinned (with replace) to avoid folks hitting this. |
So there is two things:
@mattmoor does that make sense ? |
Generally, yes. I haven't followed what your release cadence is, but we have been doing every 6 weeks with a knative/pkg cut on the 5th week, where we then pin downstream repos to |
Alright, I can see this being useful. We will need to update a bit our release process (automatically creating a release branch and "freeze" the Let's at least wait for release 0.11 to get done before merging this 👼 /hold |
@vdemeester looking at go.mod, you don't have a lot of control here. Even your e.g. FLOATING_DEPS=(
# Pin to knative "0.13" release, but allow picking up cherry-picks.
"knative.dev/[email protected]"
"knative.dev/caching" # we don't currently cut releases.
"knative.dev/[email protected]"
) |
/retest |
@mattmoor yeah the script currently doesn't upgrade anything by itself, it's a "manual" run of a user to update a dep. |
I really like that 👼 |
/retest |
I wanted to ping this now that your release seems to be cut. LMK if I should change anything. |
/hold cancel |
For Knative, we have bots that update our inter-repo dependencies each weekday morning (PST), which enables us to very quickly detect and resolve breakages. I hadn't enabled this for Tekton (thus far) because it used `go mod`, which was foreign enough to me that I avoided it like the plague. However, a number of factors have pushed me in the direction of having a standard `./hack/update-deps.sh` mechanism for bumping certain dependencies, which enables us to support `go mod` (in Tekton as well as our own in the future). This trivially enables us to enable the bots for Tekton because `go mod` becomes a hidden implementation detail.
So I just used the same process to enable this for our client repository, and you can see it in action here: knative/client#713. I've actually incorporated some of the improvements from that here (e.g. This regularly catches cross-repo breakages for us, which lets us fix them while the context is fresh. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/meow
/cc @sbwsg @bobcatfish for validation
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@vdemeester: GitHub didn't allow me to request PR reviews from the following users: for, validation. Note that only tektoncd members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: vdemeester The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm |
For Knative, we have bots that update our inter-repo dependencies each weekday morning (PST), which enables us to very quickly detect and resolve breakages.
I hadn't enabled this for Tekton (thus far) because it used
go mod
, which was foreign enough to me that I avoided it like the plague. However, a number of factors have pushed me in the direction of having a standard./hack/update-deps.sh
mechanism for bumping certain dependencies, which enables us to supportgo mod
(in Tekton as well as our own in the future).This trivially enables us to enable the bots for Tekton because
go mod
becomes a hidden implementation detail.For an example breaking change this would catch quickly: #2126