Skip to content

Add cargo-outdated check #53

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 8 commits into from
Closed

Add cargo-outdated check #53

wants to merge 8 commits into from

Conversation

SergioGasquez
Copy link
Member

Add a cargo-outdated check that can help us maintain the dependencies up to date.

Maybe this is not something we want, as sometimes we may not want to update some dependencies and it would result in a CI failure until its updated, let me know your thoughts and I am happy to close the PR if agreed

@MabezDev
Copy link
Member

MabezDev commented Feb 6, 2023

Is there a way to just warn on outdated deps?

Another thing I've been thinking about is dependabot or equivalent to generate the PRs for us for simple bumps, but I haven't looked too much into it.

@SergioGasquez
Copy link
Member Author

Is there a way to just warn on outdated deps?

I think it does. It allows configuring the exit-code so we could succeed even if some dependencies are not up to date. This could also be a great option but it would require us to see the output of the action

Another thing I've been thinking about is dependabot or equivalent to generate the PRs for us for simple bumps, but I haven't looked too much into it.

I'm using dependabot in espup for Rust dependencies and CI actions and I find it very useful but I don't think we can use it here for Rust as the dependencies can only be checked once the project is generated (we cant check the Cargo.toml before generating as it includes some weird cargo-generate stuff in it)

@MabezDev
Copy link
Member

MabezDev commented Feb 6, 2023

I think it does. It allows configuring the exit-code so we could succeed even if some dependencies are not up to date. This could also be a great option but it would require us to see the output of the action

Gotcha, seems like github actions don't support something like gitlabs allow_failure which just prints a warning with the failure.

I like the idea of this, but you're right that we might find ourselves in a situation where CI is broken for a while because we haven't/can't upgrade to a new dep somewhere.

@jessebraham
Copy link
Member

Thanks for the PR, sorry but I don't want random CI errors every time a package is published, that sounds really frustrating. If it's just a warning I guess that's acceptable, though I'm not sure of the utility of it at that point given they'll likely just be ignored and forgotten.

@SergioGasquez
Copy link
Member Author

I've added continue-on-error to the cargo-outdated step so the CI can succeed when this step fails and we can see the errors in the summary as annotations. Eg: https://github.com/esp-rs/esp-template/actions/runs/4172889416

If you think this still won't be useful as we would ignore them, I can try to keep a branch in my fork that does weekly checks (sort of like a custom dependabot)

@bjoernQ bjoernQ mentioned this pull request Feb 17, 2023
Closed
@jessebraham
Copy link
Member

As discussed in the last community meeting, I think warnings will likely just get ignored by most contributors (myself included, realistically).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@SergioGasquez @MabezDev @jessebraham