Skip to content
This repository has been archived by the owner on May 24, 2022. It is now read-only.

schedule regression #17

Open
jsoref opened this issue May 7, 2021 · 6 comments
Open

schedule regression #17

jsoref opened this issue May 7, 2021 · 6 comments

Comments

@jsoref
Copy link
Contributor

jsoref commented May 7, 2021

https://github.com/dependabot/api-docs#user-content-create-an-update-config-for-a-repo

@dependabot appears to support:

Attribute Default Description
update-schedule None (required) One of live, daily, weekly or monthly

dependabot.com otoh supports:
image

When the dependabot migrator made pull requests to our repositories, it neglected to warn that this schedule detail was being discarded.
@feelepxyz
Copy link
Contributor

When the dependabot migrator made pull requests to our repositories, it neglected to warn that this schedule detail was being discarded.

@jsoref which option didn't get migrated? I would have expected the time to be migrated as it's not the default (05:00 UTC) but the weekday shouldn't as it's the default.

@jsoref
Copy link
Contributor Author

jsoref commented May 18, 2021

I have two repositories that show:

  schedule:
    interval: weekly
    timezone: America/Toronto

And one:

  schedule:
    interval: weekly
    day: wednesday
    time: "07:00"

These commits were created by dependabot, not us...

@feelepxyz
Copy link
Contributor

feelepxyz commented May 18, 2021
edited
Loading

@jsoref that looks right to me 👍 05:00 is the default time so is not included in the config file, the other config looks like it's from a different account as it has a different day and time set, but using the default utc timezone. Any of the following defaults won't be included in the config file:

  • day: monday
  • time: 05:00
  • timezone: utc

Is there an option that isn't the default, which also hasn't been included in the config file?

@jsoref
Copy link
Contributor Author

jsoref commented May 18, 2021

@feelepxyz: well, the linked api docs make no mention of time.

And all three of these are from the same account.

What we saw was PRs outside of our expected window, so I'm going off what I see and the API docs I see.

@feelepxyz
Copy link
Contributor

Oh sounds like a bug in that case, could you send over the account name and I can check what's happened?

The configuration options are listed here: https://docs.github.com/en/code-security/supply-chain-security/configuration-options-for-dependency-updates#scheduletime

These api docs no longer apply to the new github-native version of dependabot and have been deprecated.

@jsoref
Copy link
Contributor Author

jsoref commented May 18, 2021

In that case, the docs should be updated to clearly indicate that at the top of each page (with a link to their replacement).

How do I send the account name? (GitHub is free to reach out to me directly)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@feelepxyz @jsoref