Skip to content

Update all actions and use dependabot#416

Closed
Nerixyz wants to merge 3 commits into
mainfrom
ci/update
Closed

Update all actions and use dependabot#416
Nerixyz wants to merge 3 commits into
mainfrom
ci/update

Conversation

@Nerixyz

@Nerixyz Nerixyz commented Apr 20, 2024

Copy link
Copy Markdown
Contributor

Notably, this updates @actions/checkout from v3 to v4, as it used Node 16 which isn't maintained anymore (notice the warnings at the bottom). Only @actionsx/prettier isn't updated to Node 20 yet (actionsx/prettier#119).

Additionally, I've added Dependabot for GH-Actions to help with keeping them up-to-date.

I noticed, that lcov now works, so codecov.yml might work again (with some adjustments as bors isn't used anymore).

Comment thread .github/workflows/codecov.yml Outdated
@@ -14,7 +14,7 @@ jobs:
# cov is broken upstream, see https://github.com/rust-lang/rust/issues/79645, fix in https://github.com/rust-lang/rust/issues/93054
if: "false"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we enable it?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's try

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose we need to add a CODECOV_TOKEN and add it to the twitch-rs org like described here.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added the secret, just need to add the env to the workflow step

@simonsan

Copy link
Copy Markdown

Have you checked renovate as well, it's more configurable I feel. Example: https://github.com/rustic-rs/rustic/blob/main/.github%2Frenovate.json

@simonsan

Copy link
Copy Markdown

For coverage: haven't looked into the current CI, but here is a workflow using cargo tarpaulin: https://github.com/pace-rs/pace/blob/main/.github%2Fworkflows%2Fcoverage.yaml

@Emilgardis

Copy link
Copy Markdown
Member

we actually have renovate enabled :D, it doesn't work very well. Maybe there's a way to fix it?

Which reminds me, should probably disable it if we switch to dependabot.

@simonsan

Copy link
Copy Markdown

we actually have renovate enabled :D, it doesn't work very well. Maybe there's a way to fix it?

Which reminds me, should probably disable it if we switch to dependabot.

On mobile, so not really able to look into it. But can check later, if there is a way to fix it.

@Nerixyz

Nerixyz commented Apr 21, 2024

Copy link
Copy Markdown
Contributor Author

Have you checked renovate as well, it's more configurable I feel.

Not super familiar with renovate, but we could try to find a good config. I've only used dependabot because we use it in Chatterino and it works there. For rust, it's not ideal, as it only updates the dependencies you have in Cargo.toml, not e.g. Cargo.lock (except for security updates I think).

@Nerixyz

Nerixyz commented Apr 21, 2024

Copy link
Copy Markdown
Contributor Author

@Nerixyz

Nerixyz commented Apr 21, 2024

Copy link
Copy Markdown
Contributor Author

we actually have renovate enabled :D, it doesn't work very well. Maybe there's a way to fix it?

Which reminds me, should probably disable it if we switch to dependabot.

Seems like it's disabled for everything: https://github.com/twitch-rs/.github/blob/552dc354c76953dcb866e747613a501d1af28aa5/renovate-config.json#L33-L41 (if I read that correctly).

@Emilgardis

Copy link
Copy Markdown
Member

I should've documented why. It doesn't use cargo semver. so it thinks that 0.1.0 -> 0.2.0 is a minor patch, when it is in cargo terms a major (where left most non-zero = major)

The reason I say it doesn't work is because it doesn't handle submodules like I wanted it to, it should update the lockfile when bumping submodules, but that doesn't seem to work.

@Nerixyz

Nerixyz commented Oct 19, 2024

Copy link
Copy Markdown
Contributor Author

We tried renovate on minor granularity for Cargo, but it didn't work well. At least we have updates for actions now.

@Nerixyz Nerixyz closed this Oct 19, 2024
@Nerixyz Nerixyz mentioned this pull request Oct 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants