Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump milestone in .github/dependabot.yml, when available? #163

Open
Ocramius opened this issue Sep 18, 2021 · 0 comments
Open

Bump milestone in .github/dependabot.yml, when available? #163

Ocramius opened this issue Sep 18, 2021 · 0 comments
Labels
Enhancement Help Wanted

Comments

@Ocramius
Copy link
Member

Feature Request

Q A
New Feature yes
RFC no
BC Break no

laminas/automatic-releases works exceptionally well with milestone automation, but dependabot updates often don't land in milestone/release notes, due to dependabot not assigning a milestone to opened PRs.

This could be automated, by assigning a milestone number/name (both seem to be supported) when creating a new milestone: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#milestone

Unsure if this is to be pursued, as it may lead to git conflicts (unlikely, because dependabot only acts on latest branches), but it could be an interesting idea to do so.

In practice, when a new milestone is created, we push a new commit with the milestone: value to each dependabot.yml#updates[].milestone entry (or set it, if not existing).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Enhancement Help Wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Ocramius