Dependabot or Renovate, review once a week. If it's a breaking change that doesn't resolve a feature/bug I need, or a security issue, it gets pushed back until maybe once a month.
All PRs build a preview environment, so I can quickly see if a build is failing or if the site is broken from an update and act accordingly.
Thank you! I hadn't heard of Renovate before. Going to check this out (I might have some problems using Dependabot since it's not available in GitHub Enterprise yet (it's on the roadmap for next year)).
Renovate supports Enterprise, I think. I see more big orgs using it instead of Dependabot.
One question: the weekly review you mentioned, I assume that if everything works then there's nothing to review, right? When is this review needed? When things don't work automatically? If updates break stuff and the PR cannot be completed automatically?
Thanks!
We always get PRs from Dependabot.
On Monday, I just go through each to make sure the builds are good and the affected areas of the app aren't broken. Each one that is good gets merged to the staging branch.
Once the staging branch gets approved, it is tagged for release, and merged to main to deploy.
If something breaks, it'll break in the deploy preview or the staging deployment, so it's just a matter of fixing it before it goes to the main branch.
I always add a note to the PR about what broke. Generally, I'll try and revisit it that day. Otherwise, I'll come back later in the week when I've got some time.
If something is a breaking change that doesn't impact us and isn't a security patch, it's just closed. Dependabot will keep reopening patches and minors on that as time goes on, so I can keep closing it until it's a valuable change.
Thank you for the info, very useful stuff.