Greenkeeper does not update package-lock.json #1415
Comments
paulmelnikow
added
bug
|
|
|
Shouldn't you bring that up at https://github.com/greenkeeperio/greenkeeper instead @platan? |
|
Either greenkeeper ( |
|
Just noticed this is on file upstream: greenkeeperio/greenkeeper-lockfile#58 |
|
I think we can close this issue. Greenkeeper updated |
|
no - this is still an issue. I updated the lockfile locally on those PRs and pushed the extra commits to the greenkeeper branches |
|
@chris48s oh, my bad, I overlooked your commit. Thank you! |
|
This is super frustrating! Given @jasonLaster's solution in greenkeeperio/greenkeeper-lockfile@master...jasonLaster:master (see greenkeeperio/greenkeeper-lockfile#58) I'm not sure why the fix from #1562 did not solve the problem. @chris48s How much work do you want to put into fixing this? Shall we go ahead and fork greenkeeper-lockfile in the badges org, build and test a workable solution, and try to get it merged upstream? |
|
Its one of those paper cut bugs, isn't it. |
|
Yea, it's irritating without having an easy fix. Honestly I'm not so enthused. Though maybe there's a workaround? This is a CircleCI issue. Weren't we talking about adding Travis for code coverage reasons? Maybe we should add Travis for Greenkeeper, as silly as that might sound… |
|
Another option might be to switch out greenkeeper for something else that does roughly the same job like dependabot and see if that is more compatible with Circle CI? |
|
Yea, a good idea. Either of those sounds fine to me. |
|
Been having some great luck with Dependabot lately. |
Agreed. I've tried out dependabot on a couple of other projects and I'm fairly convinced that dropping greenkeeper for dependabot is a good call here. It deals with updating your Switching to dependabot will probably result in more noise/review overhead as it will submit a PR for every patch version (although we can configure particular packages to auto-merge if the tests pass - this might be a useful option for some stuff like testing-related dev tooling), however I think this approach is more correct for projects like this that use a lockfile. Greenkeeper is more targetted to libraries. In terms of getting it done, I'm happy to submit a PR to remove the |
|
I don't have enough access on the org to install Dependabot, which I think requires owner permission on the org. I can't make you a member, either, for the same reason. Though it looks like, as an admin on the repo, I can remove Greenkeeper. |
|
I've emailed @espadrine asking him for access. |
|
Huh, that's not normal. I thought you had the same access I have. In https://github.com/orgs/badges/teams/shields/members (a team with the highest rights, Admin), I see both of us labeled "maintainer". Do you have an error message that could help me give you the same access? |
|
Can you try again? I made you owner of https://github.com/orgs/badges/people. I don't know if it should change anything; I thought GitHub switched to team-based access management to make that irrelevant. GitHub rights confuse me! |
|
It worked! Thank you! |
|
Okay, so Dependabot is turned on and Greenkeeper is turned off. I've also updated your access to the organization @platan @PyvesB @RedSparr0w @chris48s. We'll probably have some cleanup to do, though let's close this issue out since it is now fixed. |
|
Yep - that seems to have done the job :) Now that we've enabled dependabot, it will submit PRs bumping out dependencies to the latest release (capped to a max of 5 per day), so there will be some overhead of reviewing dependency bump PRs until everything is pinned to the latest version. It is updating the lockfile though. |
A recently example #1414
The text was updated successfully, but these errors were encountered: