Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automatic dependency updating #423

Closed
2 of 5 tasks
JP-Ellis opened this issue Oct 16, 2023 · 1 comment · Fixed by #427
Closed
2 of 5 tasks

Automatic dependency updating #423

JP-Ellis opened this issue Oct 16, 2023 · 1 comment · Fixed by #427
Assignees
@JP-Ellis
Labels
smartbear-supported This issue is supported by SmartBear

Comments

@JP-Ellis
Copy link
Contributor

JP-Ellis commented Oct 16, 2023
edited
Loading

Have you read the Contributing Guidelines on issues?

Description

  • Set up a dependency monitoring and automatic updating of GitHub actions through dependabot. This should automatically update to the latest version all the time.

  • Set up dependency monitoring and automatic updating of Python dependencies.

    Note that Python does not have a standardised way to lock dependencies. Additionally, all dependencies are shared within a virtual environment which can give rise to conflicts easily.

    As a result, there is merit to supporting the widest range of versions possible. As a rule of thumb, I think we should have all dependencies specified as follows:

    1. Default to having version ~= x.0, where x is the latest major version supported.
    2. If we require a specific feature introduced after x.0, then use ~= x.y where y is the first minor version to introduce the required feature.
    3. A minor version greater than x.0 might also be used if there is a security vulnerability that has direct and significant consequences to Pact Python.

    As a result of the above, the Dependabot configuration for Python will need to be tweaked from the default.

  • Set up automatically dependency monitoring and automatic updating of pre-commit hooks. This should automatically update to the latest version all the time.

Has this been requested on Canny?

No response

Motivation

I want to set up automatic dependency updates for Pact Python, so that maintainers can be aware of updates and continuously upgrade them, as opposed to accumulating debt and making the upgrade process subsequently more difficult.

Have you tried building it?

No response

Self-service

  • I'd be willing to contribute this feature to Pact Python myself.
@JP-Ellis JP-Ellis added the smartbear-supported This issue is supported by SmartBear label Oct 16, 2023
@JP-Ellis JP-Ellis self-assigned this Oct 16, 2023
@github-actions
Copy link

🤖 Great news! We've labeled this issue as smartbear-supported and created a tracking ticket in PactFlow's Jira (PACT-1410). We'll keep work public and post updates here. Meanwhile, feel free to check out our docs. Thanks for your patience!

@JP-Ellis JP-Ellis mentioned this issue Oct 20, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JP-Ellis JP-Ellis

Labels
smartbear-supported This issue is supported by SmartBear
Projects
Pact Python
Status: ✅ Completed
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add renovate dependency management pact-foundation/pact-python
1 participant
@JP-Ellis