Attempt to configure lockfile-only dependabot strategy #853

Merged
merged 1 commit into from
Aug 20, 2024

Conversation

ml-evs
Member

@ml-evs ml-evs commented Aug 20, 2024

After this PR, ideally, dependabot will keep ticking over and updating our lock files with the latest versions compatible with our pyproject.toml.

There will then be a second job that lets us know of new major incompatible versions; we can treat these on a case-by-case basis and roll the changes out ourselves, based on the dependabot PRs.

I am hoping the dependabot config is flexible enough for this, otherwise we will have to rewrite lots of the constraints from our pyproject into the dependabot config file, for now.

Dependabot groups are also magic to me; my guess is that for the pip ecosystem, any dependency under the extra dev is treated as development, and all the rest are production, but that's not entirely clear to me yet (and it's not documented).
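
For readers unfamiliar with the options discussed above, here is a sketch of a lockfile-only `.github/dependabot.yml`. It is an added example, not the configuration merged in this PR. It covers only the first job described in the comment. The directory, schedule and group names are assumptions.

```yaml
# Illustrative .github/dependabot.yml (added example, not this repository's file).
version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/"            # assumed location of pyproject.toml and the lock files
    schedule:
      interval: "weekly"      # assumed cadence
    # Only open PRs that refresh lock files; skip any new version that would
    # require editing the constraints in the manifest.
    versioning-strategy: "lockfile-only"
    groups:
      # One PR per group instead of one PR per package. Group names are arbitrary.
      # How pip dependencies map onto these two types is the open question
      # raised in the comment above.
      python-production:
        dependency-type: "production"
      python-development:
        dependency-type: "development"
```

With this strategy the version ranges in the manifest stay the reviewed source of truth, and each Dependabot PR is limited to resolved pins that a reviewer can read as a lock file diff.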

@ml-evs ml-evs requested a review from jdbocarsly as a code owner August 20, 2024 16:20

codecov bot commented Aug 20, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.12%. Comparing base (9688763) to head (a71e00a).
Report is 147 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #853   +/-   ##
=======================================
  Coverage   68.12%   68.12%           
=======================================
  Files          62       62           
  Lines        3884     3884           
=======================================
  Hits         2646     2646           
  Misses       1238     1238           

@ml-evs ml-evs merged commit 20a22ab into main Aug 20, 2024
19 checks passed
@ml-evs ml-evs deleted the ml-evs/dependabot-strategy branch August 20, 2024 16:26
@ml-evs ml-evs added dependency_updates For issues/PRs that update the dependencies of the package CI For issues/PRs regarding the continuous integration labels Aug 20, 2024