[tool] Bypass version/changelog checks for some PRs #6124
Dependabot PRs currently always need manual intervention to add either version/CHANGELOG bumps, or overrides so that they can be landed without them, which adds friction to landing those PRs. Several commonly-updated dependencies are only for internal testing, so never need version or CHANGELOG changes. This adds an explicit allow-list for Dependabot PRs for those packages to automatically bypass the usual checks for missing updates, to make them easier to land.
Fixes flutter/flutter#107942
Looks good, just a nit and a question!
|
||
// A string that is in all Dependabot PRs, but extreemly unlikely to be in | ||
// any other PR, to identify Dependabot PRs. | ||
const String dependabotMarker = 'Dependabot commands and options'; |
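Review bot: the comment above `dependabotMarker` should say what the string does and does not prove, since it is free text that any PR author can place in a description and so marks a PR as Dependabot-shaped rather than Dependabot-authored. Suggest documenting next to the constant that a match must never be the only condition for skipping the version/CHANGELOG checks and that the dependency allow-list is the second gate. Also a spelling nit in the first comment line: "extreemly" should be "extremely".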
I'm sure this should work in practice, but have you considered a more deterministic way to ensure a PR is a dependabot PR? It doesn't seem like you can configure the PR description, though, so this may be the best way for now.
Agreed, this is not a great solution. I was hoping when I started implementing this that there would be a `CIRRUS_*` variable for the author, but unfortunately there isn't, so the only way I could see to get it would be much more complicated (taking the `CIRRUS_PR` and trying to extract the information from the GitHub API).
Given that, and that we can easily update the tool if Dependabot PR format changes, I figured this was probably a reasonable starting point, and then if it turns out to need a lot of maintenance in practice we can revisit. Longer term, I was thinking we may want to explore moving some checks like this one to infra's `cocoon` tool, which already has a lot of utilities for using the GitHub API to look at PR state; using PR description for doing overrides in the first place was always kind of a hack (and has proved less reliable than expected in other ways).
Since the failure case here is needing human intervention (rather than silently allowing incorrect changes), I'm more comfortable with it being more fragile than most of the repo tooling.
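The fail-closed behaviour discussed in this thread, sketched as an added Dart example that is not code from this PR or from the flutter/plugins tooling. The `evaluate` function, the `Decision` enum and the allow-list entry are hypothetical, and the author check assumes the `user.login` and `user.type` fields of GitHub's REST pull request response, supplied here as constructed JSON rather than fetched.

```dart
import 'dart:convert';

// Marker string from the PR under review.
const String dependabotMarker = 'Dependabot commands and options';
// Hypothetical allow-list; the real package names are not shown on this page.
const Set<String> allowedDependencies = <String>{'example_test_only_dep'};

enum Decision { bypassChecks, requireHumanReview }

/// Decides whether version/CHANGELOG checks may be skipped. Every uncertain
/// case returns [Decision.requireHumanReview], so a wrong guess costs a manual
/// step rather than letting an unchecked change through.
Decision evaluate({
  required String description,
  required Set<String> changedDependencies,
  String? pullRequestJson, // GitHub pull request API response, if fetched.
}) {
  if (!description.contains(dependabotMarker)) {
    return Decision.requireHumanReview;
  }
  // The description is author-controlled text; when API data is available,
  // also require that GitHub reports the Dependabot bot account as the author.
  if (pullRequestJson != null) {
    final Object? pr = jsonDecode(pullRequestJson);
    final Object? user = pr is Map<String, dynamic> ? pr['user'] : null;
    if (user is! Map<String, dynamic> ||
        user['login'] != 'dependabot[bot]' ||
        user['type'] != 'Bot') {
      return Decision.requireHumanReview;
    }
  }
  // Only allow-listed dependencies qualify, and an empty set never does.
  if (changedDependencies.isEmpty ||
      !allowedDependencies.containsAll(changedDependencies)) {
    return Decision.requireHumanReview;
  }
  return Decision.bypassChecks;
}

void main() {
  // Constructed sample inputs.
  const String body = 'Bumps example_test_only_dep.\n\n$dependabotMarker';
  const String botPr = '{"user": {"login": "dependabot[bot]", "type": "Bot"}}';
  const String humanPr = '{"user": {"login": "someone", "type": "User"}}';
  final Set<String> deps = <String>{'example_test_only_dep'};
  print(evaluate(description: body, changedDependencies: deps, pullRequestJson: botPr));
  print(evaluate(description: body, changedDependencies: deps, pullRequestJson: humanPr));
  print(evaluate(description: body, changedDependencies: <String>{'other'}));
}
```

Malformed JSON makes `jsonDecode` throw, which fails the check run and therefore also ends in human intervention.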
Follow-up to flutter#6124; that version works if the tooling actually gets the PR description, but due to cirruslabs/cirrus-ci-docs#1029 we may get the commit message instead, so we need to detect that as well. Part of flutter/flutter#107942