Rip out dependabot - its worse than useless - its annoying #1615
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
wpaulino
previously approved these changes
Jul 13, 2022
Codecov Report
@@ Coverage Diff @@
## main #1615 +/- ##
==========================================
- Coverage 91.07% 91.03% -0.05%
==========================================
Files 80 80
Lines 44128 44128
Branches 44128 44128
==========================================
- Hits 40190 40171 -19
- Misses 3938 3957 +19
Continue to review full report at Codecov.
|
TheBlueMatt
changed the title
Dependabot has a ton of issues with its rust integration that makes it wholly useless, and very annoying: * It has no concept of MSRV, opening PRs that are not going to pass CI. * It has no concept of patch-level - if we depend on tokio 1.X, that means any version of tokio > 1.X, but dependabot insists on opening a PR to "update us" to tokio 1.X + 1, even though it doesn't impact what version of our users use (and often violates MSRV). * It has no concept of dependencies that rely on each other, causing it to open a PR to update us to bitcoin_hashes X + 1, even though we're still depending on rust-bitcoin Y which depends on bitcoin_hashes X, causing build failure. * It hogs CI resources, getting CI run twice, once for the branch once for the PR. * It creates branches directly on the rust-lightning repo, making it look like the work is somehow connected to the lightningdevkit project, even though it isn't, and spamming the local clones of project contributors. At the end of the day, dependabot has never meaningfully contributed to notifying us of an important dependency, and, really, we don't have enough dependencies for it to matter.
TheBlueMatt
force-pushed
the
2022-07-screw-dependabot
branch
from
0a8bfde to
a911ca8
Compare
|
Lol, fixed git commit to say "dependabot", not "dependable". |
jkczyz
approved these changes
Jul 13, 2022
valentinewallace
approved these changes
Jul 13, 2022
|
RIP |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Dependabot has a ton of issues with its rust integration that makes
it wholly useless, and very annoying:
CI.
that means any version of tokio > 1.X, but dependabot insists on
opening a PR to "update us" to tokio 1.X + 1, even though it
doesn't impact what version of our users use (and often violates
MSRV).
causing it to open a PR to update us to bitcoin_hashes X + 1,
even though we're still depending on rust-bitcoin Y which
depends on bitcoin_hashes X, causing build failure.
once for the PR.
it look like the work is somehow connected to the
lightningdevkit project, even though it isn't, and spamming the
local clones of project contributors.
At the end of the day, dependabot has never meaningfully
contributed to notifying us of an important dependency, and,
really, we don't have enough dependencies for it to matter.