Open
Bug 1618282
(updatebot)
Opened 5 years ago
Updated 7 months ago
[meta] Automatic Updating of Dependencies
Categories
(Developer Infrastructure :: Mach Vendor & Updatebot, enhancement)
Developer Infrastructure
Mach Vendor & Updatebot
Tracking
(Not tracked)
NEW
People
(Reporter: tjr, Assigned: tjr)
References
(Depends on 8 open bugs)
Details
(Keywords: meta)
This bug tracks the development of a system to detect when updates are available to dependencies, file a bug, apply them to m-c, submit it to try, attach a patch, follow up on the try results and either flag the patch for review or test failures or similar for investigation.
Comment 1•4 years ago
|
||
Here is what renovate produces:
https://github.com/sylvestre/gecko-dev/pull/21
Assignee | ||
Updated•4 years ago
|
Depends on: updatebot-bump
Comment 2•4 years ago
|
||
Chatted with Tom over Zoom:
UpdateBot
will (at least for Python) manage a list of dependencies that it cares about being up-to-date - it isn't going to publish updates for all out-of-date packages.- It would be a good idea for Mach developers and the security team to meet in the middle: Mach should expose an interface to update a specific package wherever its used, regenerate lockfiles, update vendored packages, and so on, and
UpdateBot
can just interface with this and then run the tasks that it wants to. - I've attached a new blocking bug: Mach is currently undergoing some tweaks to allow separate distinct sets of dependencies for different Mach commands. This work affects Python dependency management, so we'll defer
UpdateBot
's integration with Python until after this Mach work is complete.
Depends on: 1712131
Comment 3•3 years ago
|
||
Found in triaging, 302 to the appropriate component. Please let me know if there's anything I may have missed.
Assignee: nobody → tom
Component: General → Mach Vendor & Updatebot
Product: Release Engineering → Developer Infrastructure
Updated•2 years ago
|
Severity: normal → S3
Updated•7 months ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•