Enable Dependency Graph Integrator to raise PRs to add workflow #1164

Merged
merged 11 commits into from
Jul 8, 2024

@tjsilver tjsilver commented Jul 4, 2024

What does this change?

Enables repocop to identify production Scala repos that don't have the SBT dependency submission workflow already, and pick one repo at random to call Dependency Graph Integrator which will raise a PR on the repo to include the workflow, and enable Dependabot alerts/Dependency Graph if not enabled.

Why?

This is part of our migration away from Snyk over the next year.

How has it been verified?

Tested locally with CODE data.

Next steps

  • Prioritise this for repos that don't have the Snyk workflow - this could be handled manually as it's only a handful.
  • Enable the integrator for Gradle/Kotlin repos, and any other of our languages for which there is a dependency submission workflow available.
  • Increase the number of PRs raised per run...?
  • Update our recommendations

@tjsilver tjsilver force-pushed the ts/enable-dep-graph-sns branch from 9bd2319 to 8a37dfe on July 5, 2024 13:44
@tjsilver tjsilver changed the title from "Enable SNS for Dependency Graph Integrator" to "Enable Dependency Graph Integrator to raise PRs to add workflow" on Jul 5, 2024
@tjsilver tjsilver marked this pull request as ready for review July 5, 2024 15:35
@tjsilver tjsilver requested review from a team as code owners July 5, 2024 15:35
@tjsilver tjsilver force-pushed the ts/enable-dep-graph-sns branch from 6954568 to ad5cc67 on July 8, 2024 08:29
@tjsilver tjsilver requested a review from NovemberTang July 8, 2024 10:21

@NovemberTang NovemberTang left a comment

Could we test this on CODE to make sure it works end-to-end (except for the actual raise the PR bit?)

tjsilver commented Jul 8, 2024

> Could we test this on CODE to make sure it works end-to-end (except for the actual raise the PR bit?)

Yes, will try again. Having trouble getting repocop to run on CODE due to a permissions error.

tjsilver commented Jul 8, 2024

Tested on CODE and worked as expected.

@tjsilver tjsilver merged commit 9b05209 into main Jul 8, 2024
7 checks passed
@tjsilver tjsilver deleted the ts/enable-dep-graph-sns branch July 8, 2024 11:29