https://kotlinlang.org logo
Join Slack
Powered by
Hello :wave: I want to migrate github-workflows-kt...
# github-workflows-kt
m
Hello 👋 I want to migrate github-workflows-kt but then a question came to my mind 🙂 Is Dependabot for github actions are also capable of updating github-workflows-kt files ?
p
hi, unfortunately no 😞 the same goes for Renovate. I can recommend something, but first I need to know if you prefer using actions using their major versions (recommended in github-workflows-kt) or by concrete commit hashes (for extra safety)
generally I recommend to set up your CI so that the CI checks fail if the GitHub Actions YAML is inconsistent with the github-workflows-kt script, then you can update the Kotlin script manually and they’ll be in sync again
m
preferably latest version, since they create PRs it is safe to try new ones 🙂
Ohh I see, so manual work will be needed 😞
Do we have open issue in Dependabot, for supporting this ?
it will be a huge support for 
github-workflows-kt
if they do support
p
I honestly doubt they will add support for it in Dependabot, see this still open issue for Kotlin Script (much more popular, obviously), plus I saw somewhere that they’re on hold with adding support for new package managers. For Renovate (Dependabot’s biggest competitor), I implemented Kotlin Script support myself (here) but I’m not sure if they would agree to add support for github-workflows-kt because it’s still not that popular. They have this questionnaire to asses. Certainly more likely than in Dependabot, plus Renovate’s team is really responsive and friendly. Back then I also migrated from Dependabot to Renovate and I recommend it as Dependabot seems to have maintenance issues. I encourage you to file a ticket to Renovate and perhaps fill in the questionnaire, it would be a great help!
there was also an idea to wrap each action in a Maven package so that we can have a single 
@file:DependsOn
for each action, then Renovate would already support it. But I don’t want it to work this way since it requires creating and maintaining a machinery that publishes all these little artifacts, and it scales poorly as we want to add support for more and more actions in the library
I’m open for other ideas 🚀
out of curiosity, to get the gist: how often do you get your workflows updated by Dependabot?
for the record: in github-workflows-kt, action wrappers for old (all apart from the newest) major versions are automatically marked as 
@Deprecated
(see e.g. here) and the wrappers are updated every ~2 weeks, so it should produce a warning in your code/IDE if you use it, and a quick Alt+Enter action to update it to the newest. You can also run your scripts through a compiler with a flag enabled to treat all warnings as errors to catch deprecated wrappers. But yeah, it doesn’t replace automatic dependency bumping, it just adds to communicating that some used action can be updated
m
• Ohh okay i will check Renovate’s as well. • Yea I agree it is not a good way to go with having single 
@file:DependsOn
for each action • No idea so far if any will definitely tell you 🙂 • well i think every 2-3 weeks some update pops up • Yea that would work but still, the manual work is continuing, I wanted to see if it is manageable fully automated 🙂
p
cool! we haven’t looked into this issue yet because apparently it’s not painful enough. Maybe because so far people use the library for simple workflows that have little amount of dependencies
m
Yes totally understand 👍
6 Views
Open in Slack
PreviousNext
Powered by