Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automate cargo update without dependabot #2942

Merged
merged 2 commits into from
Dec 14, 2023
Merged

Automate cargo update without dependabot #2942

merged 2 commits into from
Dec 14, 2023

Conversation

tautschnig
Copy link
Member

Automatically create pull requests from the result of running cargo update every Monday morning. This should avoid the need for manual PRs to update Cargo.lock, which seemingly dependabot wouldn't take care of. We now only use dependabot to update github actions.

This revives what I had initially proposed in #2895 in light of #2940.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.

@tautschnig
Automate cargo update without dependabot
56df656 
Automatically create pull requests from the result of running `cargo
update` every Monday morning. This should avoid the need for manual PRs
to update Cargo.lock, which seemingly dependabot wouldn't take care of.
We now only use dependabot to update github actions.
@tautschnig tautschnig requested a review from a team as a code owner December 13, 2023 22:37
@zhassan-aws
Copy link
Contributor

This should avoid the need for manual PRs to update Cargo.lock, which seemingly dependabot wouldn't take care of.

Can you clarify what you mean? Both PRs related to cargo dependencies opened by dependabot so far updated Cargo.lock:

#2920
#2933

@celinval
Copy link
Contributor

I'm assuming that depandabot doesn't update transitive dependencies.

@tautschnig
Copy link
Member Author

I'm assuming that depandabot doesn't update transitive dependencies.

It would seem so, but this doesn't seem to be documented anywhere (lockfile-only does the opposite: it restricts updates to just those affecting Cargo.lock). Our release process, however, does mandate this kind of update. So we end up having to do human-made PRs (like #2940) despite using dependabot.

I don't mind much about dependabot, we could keep it. But I'd really like to reduce the number of manual steps where they are straightforward to automate.

@zhassan-aws
Copy link
Contributor

According to dependabot/feedback#394 (comment), dependabot runs cargo update under the hood, so I'm not sure why the behavior is different. Perhaps a configuration change is needed?

Anyway, if we have a working solution, we don't need to dwell too much on getting dependabot to do what we need. I was just trying to avoid introducing new code for this purpose, to avoid increasing our maintenance burden.

@tautschnig
Copy link
Member Author

According to dependabot/feedback#394 (comment), dependabot runs cargo update under the hood, so I'm not sure why the behavior is different. Perhaps a configuration change is needed?

I'd love to learn about this - I have tried to find what configuration it would take, but wasn't able to come up with anything that worked.

Anyway, if we have a working solution, we don't need to dwell too much on getting dependabot to do what we need. I was just trying to avoid introducing new code for this purpose, to avoid increasing our maintenance burden.

Equally I am for keeping our own code to a minimum. I suggest that we revert this PR if we ever come across a way to make dependabot do all the work for us.

@tautschnig tautschnig merged commit 036eb88 into model-checking:main Dec 14, 2023
20 checks passed
@tautschnig tautschnig deleted the auto-cargo-update branch December 14, 2023 20:10
@zhassan-aws zhassan-aws mentioned this pull request Jan 8, 2024
Merged
zhassan-aws added a commit that referenced this pull request Jan 9, 2024
@zhassan-aws @adpaco-aws
Bump Kani version to 0.44.0 (#2970)
871c9e3 
These are the auto-generated release notes for comparison purposes:

## What's Changed
* Automate cargo update without dependabot by @tautschnig in
#2942
* Update nightly toolchain to toolchain-2023-12-15 by @celinval in
#2948
* Automatic cargo update to 2023-12-18 by @github-actions in
#2951
* Migrate function, block and statement modules to StableMIR by
@celinval in #2947
* Update Rust toolchain to `nightly-2023-12-18` by @adpaco-aws in
#2953
* Update the rust toolchain to 2023-12-20 by @celinval in
#2961
* Migrate foreign function, compiler-interface and kani-middle modules
to use StableMIR by @celinval in
#2959
* Build CBMC with `cmake` in all "CBMC latest" jobs by @adpaco-aws in
#2965
* Automatic cargo update to 2024-01-01 by @github-actions in
#2964
* Automatic cargo update to 2024-01-08 by @github-actions in
#2968
* Upgrade to 2024-01-08 rust toolchain by @zhassan-aws in
#2969


**Full Changelog**:
kani-0.43.0...kani-0.44.0

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 and MIT licenses.

---------

Co-authored-by: Adrian Palacios <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zhassan-aws zhassan-aws zhassan-aws approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tautschnig @zhassan-aws @celinval