Project

Profile

Help

Send by e-mail

Task #5196

Pin dependencies to y releases and use dependabot to update them

Added by daviddavis over 1 year ago. Updated about 1 year ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
daviddavis
Category:
-
Sprint/Milestone:
3.0.0
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

Recently, Pulp 3 package installs were broken by a new version of DRF which necessitated a new release of pulpcore (RC4)[0]. Our releases are fragile and unstable because they don't pin versions of dependencies.

Instead, pin pulpcore's dependencies to specific y release versions and use dependabot[1] to notify us of new updates for pulpcore dependencies.

This was the outcome of a discussion on pulp-dev[2].

.. [0] https://www.redhat.com/archives/pulp-dev/2019-July/msg00076.html
.. [1] https://dependabot.com/
.. [2] https://www.redhat.com/archives/pulp-dev/2019-July/msg00088.html

Associated revisions

Revision 433775d9 View on GitHub
Added by daviddavis over 1 year ago

Pinning dependencies and using dependabot to manage updates

fixes #5196 https://pulp.plan.io/issues/5196

History

#2 Updated by daviddavis over 1 year ago

  • Description updated (diff)

#3 Updated by daviddavis over 1 year ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

#4 Updated by bmbouter about 1 year ago

  • Sprint/Milestone set to 3.0.0

#5 Updated by bmbouter about 1 year ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Please register to edit this issue

Send by e-mail

Also available in: Atom PDF