Hi Dependabot! I am Tonybot…

Tony Vu
2 min readApr 23, 2021

--

As I am still waiting for reviews on my PWA’s PR, I decided to take on an issue in an area that I have never touched. After looking at the list of current issues, I assigned myself to an issue helping to add more packages files to Dependabot config. I have seen Anton and Yuan actively working on this matter for a few weeks and been curious to know what it is. From my rough understand, Dependabot is a github bot that helps to identify outdated packages and update them to the latest version. It seems like a cool thing to have.

I looked at the requirement and reached out to Anton for clarification. I learned that you need to follow a template that has already been developed. The template is in yml format and look similar to the following:

This determines configs for Dependabot to know what to do. For example, in the above example, we would want Dependabot to check the package.json in /src/api/parser (aka parser service) every Tuesday at 5pm EST. It would be limited to 1 PR and the commit prefix will have the 'chore: pattern. The PR created by Dependabot would be reviewed by telescope maintainers, so the contributors cannot review it. I have no problem understanding the syntax as I have been familiar myself with Docker and yml is the main language of Docker files. I also did the same thing for the docker dependencies. Initially I did not understand how we check the dependencies in a docker image, and professor Dave has explained to me that it might be able to find out some update in dependencies that somehow the image did not update. The code is exactly the same except the first line. Instead of npm , it is docker

It was a small PR but I learned more about how Dependabot works. It is convenient that Github invented this so the repo can stay updated to the latest updates.

Thank you for reading.

Tony Vu.

--

--