Using greenkeeper.io and semantic-release

Hello,

In our neos/eslint-config-neos repository we have issues about using greenkeeper.io and semantic-release.
I guess it would be really helpful to keep an eye on the dependencies in our JS related repositories.

The neos-ui with React obviously used Greenkeeper at some point, and I ask myself why the team stopped using it. I think it is a nice tool and saves the devs some of the time needed to upgrade the stuff manually.

So we just verify the branches and can concentrate more on other issues.
But before I try to add the dependency to the neos/eslint-config-neos I will start a discussion about that.
And I am not a team member and cannot configure the GitHub-related stuff :smile:

Looking forward to your opinions.

I’m for it.

I remember a discussion when I started contributing, and it got removed back then. I don’t remember the exact reasons.

But especially since we have these badges showing whether our dependencies are up to date or even insecure, it is, at first glance, not a nice project for many people.
If I come across a wild repository and see they have outdated dependencies with a red badge, my first thought is: ‘It’s not really well maintained’.

Also, especially since Markus put his hands on some updates (many thanks for this), it appears that bulk updates are way more time-consuming and complicated.
With Greenkeeper we would get notified about every update.
I know that we had the issue about updating the subpackages too, because Greenkeeper only takes care of the uppermost package.json, but I think if we instruct every team member to update the subpackages before merging, it would be OK and wouldn’t need that much effort.

So my proposed workflow would look like this:

  1. Greenkeeper creates PR
  2. Team-Member checks out PR locally
  3. Team-Member checks whether the dependency is used in any package.json (grep/ag)
  4. If necessary, Team-Member updates this dependency as well
  5. Team-Member does a quick check if everything is working (lint, test, some clicking in the UI)
  6. Team-Member merges

From my point of view this would not be as time-consuming and complicated, regarding changes in the tools internally, as bulk manual updates.

If we choose to not use greenkeeper, we should remove the badges at least :slight_smile:

I started with the upgrades because of the badges and that we had one insecure dependency.
Greenkeeper always put the updates in a new branch, but I am not sure if Greenkeeper can also create PRs out of the box.