Closed Bug 1606763 Opened 6 years ago Closed 6 years ago

switch to dependabot (antenna)

Categories

(Socorro :: Antenna, task, P1)

Product:
Socorro
Component:
Antenna
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: willkg, Assigned: willkg)

Details

Attachments

(3 files)

pr 375: bug 1606763: switch to dependabot
52 bytes, text/x-github-pull-request
Details | Review
pr 412: bug 1606763: remove pyup configuration
52 bytes, text/x-github-pull-request
Details | Review
pr 413: bug 1606763: fix location of Dockerfiles
52 bytes, text/x-github-pull-request
Details | Review

Antenna currently relies on pyup.io to keep dependencies updated. pyup seems to have died or something--they haven't done any updates in several months and attempts to contact them haven't been successful.

This bug covers switching to dependabot.

Making this a P1 because we really want to be covered by something. Taking it to work on.

Assignee: nobody → willkg
Status: NEW → ASSIGNED
Priority: -- → P1

I spent some time with dependabot and I can't figure out how to set it up. I feel really foolish.

Greg: How do we set up Antenna with dependabot like other mozilla-services services? Seems like we need to add a config file to the repo (that's easy) and then do something on the dependabot site (I don't understand this part). Do you need to set it up? Do I need access to something to set it up?

Flags: needinfo?(gguthe)

How do we set up Antenna with dependabot like other mozilla-services services? Seems like we need to add a config file to the repo (that's easy) and then do something on the dependabot site (I don't understand this part). Do you need to set it up? Do I need access to something to set it up?

Not fully sure, I've done this for some of my repos in moz-svcs. There's an org-level permission enabling the app that should be enabled for mozilla-services, and I think you should be able to enable the app on https://app.dependabot.com/accounts/mozilla-services (via + add repos) then configure it there (adding languages and whatnot) or having it use your config file.

Let me know if that doesn't work and I can check with hwine re: perms and the precise procedure.

Flags: needinfo?(gguthe)

It's not working for me. I get a "Could not find account" error for that mozilla-services page.

:hwine does willkg needs perms to add https://github.com/mozilla-services/antenna to dependabot or do you need to enable something for them?

I've added it to my projects, but I'm not sure what the process is for everyone else (since we might be migrated a bunch of repos from pyup).

Flags: needinfo?(hwine)

I have access to dependabot mozilla-services and can see Antenna now. I don't know what changed, but it seems fixed now. Plus we got a torrent of PRs.

Further, Greg removed Antenna from pyup, so I think we're all set here.

Thank you everyone!

Flags: needinfo?(hwine)
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Summary: switch to dependabot → switch to dependabot (antenna)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: