As mentioned previously somewhere, GitHub has depr...
# developmentf
fast-nail-55400
07/03/2025, 2:08 AMAs mentioned previously somewhere, GitHub has deprecated
dependabot.ymlCODEOWNERSCODEOWNERS**/Cargo.tomlsrc/rust/engine/Cargo.lockfast-nail-55400
07/03/2025, 2:16 AMI'm inclined to the GHA workflow approach since it side steps us having to figure out what we want in
CODEOWNERSw
wide-midnight-78598
07/03/2025, 2:21 AMSo, generally okay with anything here - but one note that might be handy... I've occasionally noticed PRs which languish due to no reviewers, and in some of these cases it might be because the pr creator just doesnt know who to add by default. That might speak to the need for a codeowners too?
f
fast-nail-55400
07/03/2025, 2:24 AMAnd which point we restart the debate over what
CODEOWNERSfast-nail-55400
07/03/2025, 2:25 AMI'm intentionally restricting the scope of this question to how to deal with the
dependabot.ymlfast-nail-55400
07/03/2025, 2:26 AMThe more general question is important, but it is more tractable to solve the deprecation first.
w
wide-midnight-78598
07/03/2025, 2:31 AMfair - so i guess the discussion would be more about... do we want automated dependabot reviewers or not. Assuming yes, is there another option excluding codeowners - other than GHA?
If GHA is the only real option - seems like the right approach
wide-midnight-78598
07/03/2025, 2:32 AMAlthough - the people who could review a dependabot change would probably be the same people involved in changes to cargo.toml/lock as well 😄
c
curved-manchester-66006
07/03/2025, 4:56 PMI also think having no default reviewers would be not-ideal-but-acceptable to avoid extra work. (I think that is how it was for along time)
f
fast-nail-55400
07/03/2025, 5:17 PMWe wouldn’t need a no reviewers default though. The proposed alternative is a GHA workflow to assign reviewers versus having it done by having configured by
CODEOWNERSfast-nail-55400
07/03/2025, 5:17 PMSo if there is no objection to the workflow, I can set that up.
4 Views