Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

hack: dependabot ls command #325

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

hack: dependabot ls command #325

wants to merge 2 commits into from

Conversation

jakecoffman
Copy link
Member

This adds the dependabot ls command which outputs the parsed dependencies, and then stops the containers:

$ dependabot ls go_modules dependabot/cli 2> /dev/null
[
  {
    "name": "github.com/MakeNowJust/heredoc",
    "requirements": [
      {
        "file": "go.mod",
        "groups": [],
        "requirement": "v1.0.0",
        "source": {
          "source": "github.com/MakeNowJust/heredoc",
          "type": "default"
        }
      }
    ],
    "version": "1.0.0"
  },
... (and so on for a while)

The reason this is labelled as a hack is the Dependabot Updater wants to continue with the update, but I have the CLI cancel the Context which terminates the Docker containers.

A more graceful solution would involve telling dependabot-core directly that we want to stop after the dependencies are gathered.

For now this works as a POC.

In the console command above, I've redirected stderr to /dev/null as by default the Dependabot CLI outputs logs to stderr.

@SatoshiNakamoto2007
Copy link

This adds the dependabot ls command which outputs the parsed dependencies, and then stops the containers:

$ dependabot ls go_modules dependabot/cli 2> /dev/null
[
  {
    "name": "github.com/MakeNowJust/heredoc",
    "requirements": [
      {
        "file": "go.mod",
        "groups": [],
        "requirement": "v1.0.0",
        "source": {
          "source": "github.com/MakeNowJust/heredoc",
          "type": "default"
        }
      }
    ],
    "version": "1.0.0"
  },
... (and so on for a while)

The reason this is labelled as a hack is the Dependabot Updater wants to continue with the update, but I have the CLI cancel the Context which terminates the Docker containers.

A more graceful solution would involve telling dependabot-core directly that we want to stop after the dependencies are gathered.

For now this works as a POC.

In the console command above, I've redirected stderr to /dev/null as by default the Dependabot CLI outputs logs to stderr.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants