Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Manage Azure SDKs version with Dependabot #39495

Merged

Conversation

zmoog
Copy link
Contributor

@zmoog zmoog commented May 9, 2024

Proposed commit message

Set up Dependabot to manage the Azure SDK version.

With the current reactive and manual process, our dependencies are often outdated. To release a bugfix to a dependency, we need to wait for the following stack release instead of merging it shortly after it's available from Azure.

See #39492 to learn more.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

Tasks

Preview Give feedback
  1. Team:obs-ds-hosted-services bug
    zmoog
  2. Team:obs-ds-hosted-services bug
    zmoog

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label May 9, 2024
Copy link
Contributor

mergify bot commented May 9, 2024

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @zmoog? 🙏.
For such, you'll need to label your PR with:

  • The upcoming major version of the Elastic Stack
  • The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

@mergify mergify bot assigned zmoog May 9, 2024
@zmoog zmoog added the Team:obs-ds-hosted-services Label for the Observability Hosted Services team label May 9, 2024
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label May 9, 2024
@zmoog zmoog changed the title Manage Azure and Event Hub SDKs with Dependabot Manage Azure and Event Hub SDKs version with Dependabot May 9, 2024
@zmoog zmoog marked this pull request as ready for review May 9, 2024 15:33
@zmoog zmoog requested a review from a team as a code owner May 9, 2024 15:33
@elasticmachine
Copy link
Collaborator

Pinging @elastic/obs-ds-hosted-services (Team:obs-ds-hosted-services)

.github/dependabot.yml Outdated Show resolved Hide resolved
Comment on lines 50 to 54
groups:
azure-sdk-for-go:
patterns:
- "github.com/Azure/azure-sdk-for-go/*"
azure-event-hubs-go:
patterns:
- "github.com/Azure/azure-event-hubs-go/*"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rather than introducing a new package-ecosystem: gomod block, would it make sense to just update the existing block above with the groups and adding to its allow list?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, now I see that apm-server has two blocks because each one targets a different directory.

I'm updating the existing block!

Copy link
Contributor Author

@zmoog zmoog May 10, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just noticed that by adding a package-ecosystem: gomod, we could set a reviewers option to direct PRs to our team.

Do you think it's worth adding a second package-ecosystem: gomod to customize reviewers, or it's better to keep things as simple as possible and just add a group or allow for the Azure dependencies?

I mean something like:

  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "daily"
    reviewers:
      - "elastic/obs-ds-hosted-services"
    groups:
      azure-sdk-for-go:
        patterns:
          - "github.com/Azure/azure-sdk-for-go/*"
      azure-event-hubs-go:
        patterns:
          - "github.com/Azure/azure-event-hubs-go/*"

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good point. I think it would be ideal if the hosted services team were flagged for review, so having a separate block sounds like the way to go after all.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let me try this: I created a block for CSPs, so we can add a group for each CSP and target specific teams.

  # Cloud providers' SDK dependencies
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "daily"
    reviewers:
      - "elastic/obs-ds-hosted-services"
    groups:
      azure-sdks:
        patterns:
          - "github.com/Azure/azure-sdk-for-go/*"
          - "github.com/Azure/azure-event-hubs-go/*"
          - "github.com/Azure/go-autorest/*"
          - "github.com/Azure/azure-storage-blob-go/*"

@zmoog zmoog requested a review from a team May 17, 2024 17:27
@zmoog
Copy link
Contributor Author

zmoog commented May 17, 2024

Hey @elastic/ingest-eng-prod, whenever you have a moment, could you please take a look at this pull request? 🙇

zmoog added 4 commits May 17, 2024 19:29
- Drop the ignore for "github.com/elastic/beats/v7".
- Consolidate the github.com/Azure/azure* dependencies as allows in
  the existing gomod block.
Created a block for CSPs, so we can group together there dependencies
and target a specific teams as reviewers.
@zmoog zmoog force-pushed the zmoog/manage-azure-sdk-dependencies-with-dependabot branch from ce67717 to 301a4ab Compare May 17, 2024 17:29
The elastic/obs-infraobs-integrations team is probably interested in
staying up to date with the Azure SDK for Go updates.
Copy link
Contributor

@dliappis dliappis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good from my PoV, left a question

interval: "daily"
reviewers:
- "elastic/obs-ds-hosted-services"
- "elastic/obs-infraobs-integrations"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

since this is an automation task that will open pull request(s) (right?), does it make sense that we also add the corresponding labels to the PR, as e.g. done above:

    labels:
      - automation
      - dependabot

Copy link
Contributor Author

@zmoog zmoog May 22, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

since this is an automation task that will open pull request(s) (right?)

Yep.

Ouch, I missed the labels! Thank you for pointing this out. Added!

Copy link
Contributor

@agithomas agithomas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Copy link
Contributor

@dliappis dliappis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@zmoog zmoog merged commit 5347b9c into elastic:main May 22, 2024
8 checks passed
@zmoog zmoog deleted the zmoog/manage-azure-sdk-dependencies-with-dependabot branch May 22, 2024 13:05
@zmoog zmoog changed the title Manage Azure and Event Hub SDKs version with Dependabot Manage Azure SDKs version with Dependabot May 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Team:obs-ds-hosted-services Label for the Observability Hosted Services team
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants