Dependabot用于更新跟踪提交的Go依赖项。

huangapple go评论86阅读模式
英文:

Dependabot for updating go dependencies which track commits

问题

我正在尝试使用 Dependabot 自动更新一个私有的 Go 仓库。我的当前 dependabot.yml 文件如下所示:

version: 2
updates:
  - package-ecosystem: 'gomod'
    directory: '/'
    schedule:
      interval: 'daily'
    allow:
      - dependency-name: "<private-dependency>"

这个 "private-dependency" 并没有跟踪版本,所以我想根据一个特定的分支进行更新。

我知道可以通过手动运行 go get private-dependency@branch 来实现这一点,但是我找不到任何关于 Dependabot 是否支持这样做的文档。

我可以创建一个 Github Action 来运行这个命令并打开一个 PR,但如果可能的话,我想避免这样做。

Dependabot 是否支持更新跟踪分支的 Go 依赖项?我该如何使用 Dependabot 实现这一点?

英文:

I'm trying to use dependabot to auto-update a private Go repository. My current dependabot.yml looks like this:

version: 2
updates:
  - package-ecosystem: &#39;gomod&#39;
    directory: &#39;/&#39;
    schedule:
      interval: &#39;daily&#39;
    allow:
    - dependency-name: &quot;&lt;private-dependency&gt;&quot;

The "private-dependency" does not track versions so I want to update against a specific branch.

I understand I can do this manually by running go get private-dependency@branch but I can't find any documentation on whether I can do so via Dependabot.

I can create a Github Action for running the command and opening a PR but would want to avoid doing so if possible.

Does Dependabot even support updating Go dependencies that track branches? How can I do this using Dependabot?

答案1

得分: 0

我向Github提交了一个客户支持工单,他们的官方回复如下:

> 在与工程师交谈后,发现根据Golang的文档,基于提交的版本被认为是“伪版本”,用于开发目的。Dependabot寻找稳定版本作为可能的更新建议,而不是开发版本。

根据这个回复,Dependabot目前不支持这个功能,但他们愿意接受功能请求。为了我们的目的,我们开始使用SemVer标记我们的发布版本,从而解决了这个问题。

只是留下一个答案,供后人参考和有兴趣跟进的人。

英文:

I opened a customer support ticket with Github and their official response is:

> After speaking with Engineering, it was found that according to Golang's documentation the commit-based versions are considered "pseudo-versions" and intended for development. Dependabot seeks for stable versions to suggest as a possible update rather than development versions.

According to this, Dependabot doesn't support this feature yet but they are open to taking a feature request. For our purposes, we started tagging our releases with SemVer and that solved the issue.

Just leaving an answer for posterity and those that might be interested in following this up.

huangapple
  • 本文由 发表于 2021年8月19日 21:59:57
  • 转载请务必保留本文链接:https://go.coder-hub.com/68849294.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定