Comments (10)
Good news: everything except the `PullRequestUpdater` now works with GitLab, and there's a script here that you can use to run dependabot-core against gitlab.com (self-hosted support should be pretty easy to add too).
I'll be adding GitLab support to Dependabot itself (rather than just the core logic) in the next month or so. 🎉
Give it a go and let me know what you think!
from dependabot-core.
The issue to watch on this one is #399.
Unfortunately I didn't get to adding GitLab support when I wanted to - instead I added Go and .NET support, and integrated with GitHub's security alerts.
My next three big things are tools for maintainers, vgo support, and GitLab. It's definitely coming - apologies for the delay.
from dependabot-core.
Agreed! If you or anyone else wants to take this on, the best approach would be to go concern by concern:
- I would start with the `MetadataFinders` base class, because this is already close to being provider-agnostic (it just needs to start receiving a credentials hash, rather than a GitHub client, and use that hash when instantiating clients)
- After that, I'd give the same treatment to `GitCommitChecker`
- Then I'd extract the GitHub logic in `PullRequestUpdater` into a `Github` class (as we do for `PullRequestCreator`)
- Then, in no particular order, make the `FileFetchers` base class and the `PullRequestCreator` base class provider agnostic
No reason why PRs couldn't be merged on a concern-by-concern basis.
I'm not totally convinced that a "git repo client" is the way to go on the above, because there'd be a lot of data wrangling required that might be simpler to do close to where the data is being used (see the `MetadataFinders` base classes for an example), but I wouldn't be averse to it if it worked and was well tested.
from dependabot-core.
As far as I can tell there is a difference between the way `MetadataFinders` interacts with a git repo and all of the other classes since `MetadataFinders` is interacting with the repo of the dependency where the rest are interacting with the repo of the target project.
I am mainly interested in dealing with target projects on gitlab for the time being (but ultimately it's best if everything is as agnostic as possible)
from dependabot-core.
Yeah, exactly - `MetadataFinders` have needed to know how to interact with other providers for ages. I've just cleaned them up to not treat GitHub any differently to any other provider, though - 801a582.
from dependabot-core.
Definitely interested in seeing this as my company is preparing to move to GitLab. Wasn't in the plan when we looked at Dependabot, but it is now.
from dependabot-core.
@greysteil Is this on the roadmap at all for you guys? We're actually in the process of migrating, and will be finishing up this week.
from dependabot-core.
Looks like the information on this has ended up being split between two issues - sorry about that. On GitLab support, I wrote up our position here a couple of weeks ago - the TL;DR is that it's not on the short-term roadmap. I'd love to be able to, but I just can't justify the work required on it financially at the moment :-(
from dependabot-core.
Thanks for the update. If I have any comments I'll keep it to the other issue to leave this one about the code changes specifically.
from dependabot-core.
@greysteil Any updates on this? :-)
from dependabot-core.