This is the process we have identified for dealing with Dependabot PRs that saves developer time and CircleCI resources.

1. Create a new branch called `chore/dependencies-[yyyy-mm-dd]`, inserting today's date.
2. Open each Dependabot PR and check that the tests have passed. Re-run any failing tests, as the majority of failures are caused by timeouts or flakiness. Codecov failures can be ignored.
3. Once all tests have passed, edit the PR so that the base branch is the `chore/dependencies` one. You should now be able to merge the PR without needing to request reviews.
4. Repeat steps 2 and 3 until all PRs are either merged or identified as needing further work. Any PRs with consistently failing tests can be passed to the Technical Excellence team if required.
5. After all the PRs have been merged, check out the branch locally and carry out some basic smoke tests.
6. Check out the local frontend and run the e2e tests to ensure they still pass.
7. Rebase the dependency branch against `main` to remove all the merge commits, then push the changes and open a PR.
8. If you are satisfied that everything is in order and all the tests have passed, request reviews as normal.
9. Once merged, deploy to production as soon as possible.

If the main flake8 dependency is updated, the version used by the pre-commit hook should also be updated.