Create dependabot.yml configuration file for version updates #1862
Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
Thanks for the explanation @SajidAlamQB! At a glance it looks like the vast majority of these updates are for dataset requirements - is that right? Given that all these requirements would move to There's also a problem here that the bumps to dataset requirements are just altering test_requirements.txt and not the ones in setup.py which are the ones that actually matter to users e.g. https://github.com/SajidAlamQB/kedro/pull/2. We have a ticket to clean up this setup but again I'm not sure when we'll be doing it: #1498. Ideally I'd say that here we just limit dependabot to looking at requirements.txt and not test_requirements.txt for now, and deal with the dataset dependencies separately. Problem is that from what @rashidakanchwala said there didn't seem to be a good way to do that... Maybe there's something clever we could do with @MerelTheisenQB thoughts?
You raise a lot of great points here @AntonyMilneQB !
I agree it would be better to make the changes on
This is a very crucial point. If dependabot only bumps
☝️ This would be a good solution in the meantime. But I definitely feel that we should look at how
Thanks @AntonyMilneQB that makes a lot of sense.
Looking through this thread dependabot/dependabot-core#4364 there isn't a direct way through the
You could also ignore test_requirements.txt if you change directory to the specific directory which only has requirements.txt (if that's the case)
A user on the GitHub Issue I posted earlier recommended using renovate GitHub app: https://github.com/renovatebot/renovate which is an alternative to Dependabot. It does allow for more customizability but wanted to know everyone's thoughts on using this. @AntonyMilneQB @MerelTheisenQB
Renovate looks really good! It has lots of stars on GitHub and seems to be maintained actively as well. I also read in a blog that it creates bigger PRs merging updates rather than a single PR for each update, which might be easier to get merged. If we go for this, I do think it would be better to use it for Viz as well so there's consistency in which tools we use.
Below I have highlighted three options we can take for this issue (Please let me know if you think of any others):
Option 1 (Simple solution): We use dependabot as is and manually go through its PRs selecting the ones we want to be merged.
Option 2 (Breaking change?): The only real way we can tell dependabot which manifest files to use is by specifying the directory. Therefore if we place the requirements.txt or any other files in a specific directory rather than root we can limit which files dependabot uses.
Option 3 (Complex solution): We can alternatively forgo dependabot in favour of renovate, which is a GitHub app that is more configurable than dependabot. But this solution may mean we also have to change kedro-viz.
EDIT: After some testing on starters I was unable to get dependabot working properly. Dependabot can only run version updates on manifest files if it can access all of the dependencies in the file, even if you add inaccessible dependencies to the ignore option of your configuration file. In our starters requirements.txt we have
I wonder if this needs to be changed as well: I'm not actually sure how that checksum stuff works. The file is mentioned in a string so I don't know if it matters that it's now in a different directory.. 🤔
Looks good! The fork branch is not accessible to me, I think it helps if I can see the result of the dependent bot PR. A couple of questions:
3. I suggest we do a global search of requirements.txt and other dependency files to make sure we didn't miss any doc.
Thanks for the reply @noklam. After some discussion with the team we decided to limit dependabot just to update requirements.txt, hence why requirements.txt has been moved to its own directory so dependabot can only access that. With this change, there are no longer 46 PRs, only 10. You can view the updated fork here: https://github.com/SajidAlamQB/kedro-3/pulls Once requirements move to kedro-datasets we will implement dependabot there as well. There is still some lingering work to be done before we can fully embrace dependabot; I think we simplify this issue to have a basic implementation of it for now though.
Thank you @SajidAlamQB, I have had a quick look at the PRs and I have a follow-up question. What PR are we going to merge? Do we accept all PRs as long as it passes the tests? @MerelTheisenQB
For example, I think this is a useful PR - as it updates the upper bound and user may need it. But why is it also changing the lower bound to
For this PR, does it matter since we use
I think in practice we will merge most PRs, but we should be critical and have a proper look at what dependabot is actually changing. It shouldn't change lower bounds, but if it's a change that doesn't do much but isn't harmful either, we'll just get it in.
We can add versioning strategies to avoid updating lower bounds and constraining it to just upper bounds.
I think the only problem with this, is that sometimes you have to bound the lower version, because of some vulnerability that was exposed and you should only use newer versions going forward.
Dependabot remarks: Dependabot version updates for Kedro will help us bump dependencies automatically but has some limitations. With the work being done on kedro-datasets and the improvements to test_requirements.txt setup, we decided to simplify dependabot to just requirements.txt. Due to the limitation of dependabot configuration, we can't tell it what files it can access explicitly so we get around this by limiting which directory dependabot can scan. With this in mind, we have moved Have a look at a forked Kedro repo with the above-mentioned changes: https://github.com/SajidAlamQB/kedro-3/pulls Furthermore, after some testing on starters, dependabot was not able to work properly. Dependabot can only run version updates on manifest files if it can access all of the dependencies in the file, even if you add inaccessible dependencies to the ignore option of your configuration file. In our starters
Thanks for investigating all options with dependabot @SajidAlamQB ! This is already a step closer in improving our dependency management 👍
Thanks for explaining and nice write up! I think it is a good first step even if it's not automating everything.
resolve conflicts Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
* Create dependabot.yml configuration file
* Update dependabot.yml
Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
* add target-branch
Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
* Update dependabot.yml
Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
* limit dependabot to just dependency folder
Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
* Update test_requirements.txt
Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
* Update MANIFEST.in
Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
* fix e2e
Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
* Update continue_config.yml
Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
* Update requirements.txt
Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
* Update requirements.txt
Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
* fix link
Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
* revert
Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
* Delete requirements.txt
Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
Signed-off-by: SajidAlamQB <90610031+SajidAlamQB@users.noreply.github.com>
Signed-off-by: Ahdra Merali <ahdra.merali@quantumblack.com>
Description
Related Issue: #1810
This PR aims to add Dependabot Version updates for Kedro.
Dependabot will monitor only these files in kedro:
As this is the initial PR for dependabot it has identified 10 different dependencies that need updating. As discussed with @rashidakanchwala the configuration for dependabot will be initially set to daily checks with a limit of 50 PRs that the bot can open. Follow-up PRs will be made to change the configuration into a weekly check for updates and remove the maximum PR limit.
Development notes
To keep things similar between framework and viz a branch, dependency-update, will be created and used by dependabot. We will also keep the dependency label consistent.
I have tested this out on a forked kedro repo see the result here: https://github.com/SajidAlamQB/kedro-3/pulls
After some testing on starters, I was unable to get dependabot working properly. Dependabot can only run version updates on manifest files if it can access all of the dependencies in the file, even if you add inaccessible dependencies to the ignore option of your configuration file. In our starters requirements.txt we have kedro[pandas.CSVDataSet]~={{ cookiecutter.kedro_version }} dependency which dependabot couldn't parse hence it is failing.
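A sketch of the configuration this description and the thread outline, added here as an example and not the dependabot.yml merged in this PR. The `/dependency` path is an assumption based on the "limit dependabot to just dependency folder" commit, and the `versioning-strategy` value is an assumed choice reflecting the lower-bound discussion.

```yaml
# .github/dependabot.yml (illustrative example, not the project's own file)
version: 2
updates:
  - package-ecosystem: "pip"
    # Dependabot is scoped by directory, not by file name: every pip manifest
    # found in this folder is updated. Keeping only requirements.txt here is
    # what stops PRs against test_requirements.txt.
    # Assumption: the folder is named "dependency".
    directory: "/dependency"
    schedule:
      interval: "daily"            # description plans a later move to "weekly"
    open-pull-requests-limit: 50   # initial cap stated in the description
    target-branch: "dependency-update"
    labels:
      - "dependency"
    # Assumption: only rewrite a specifier when it does not already allow the
    # new release, so ranges that already permit it are left alone.
    versioning-strategy: increase-if-necessary
    # Note from the testing described above: an `ignore` entry does not help
    # when a manifest contains a line Dependabot cannot parse, such as the
    # cookiecutter-templated kedro pin in the starters' requirements.txt.
```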