Task #5196: Pin dependencies to y releases and use dependabot to update them - Pulp

Send by e-mail

Task #5196

Pin dependencies to y releases and use dependabot to update them

Added by daviddavis 6 months ago. Updated about 1 month ago.

Status:

CLOSED - CURRENTRELEASE

Priority:

Normal

Assignee:

daviddavis

Category:

Sprint/Milestone:

3.0.0

Start date:

Due date:

% Done:

100%

Platform Release:

Blocks Release:

Backwards Incompatible:

Groomed:

Sprint Candidate:

Tags:

QA Contact:

Complexity:

Smash Test:

Verified:

Verification Required:

Sprint:

Description

Recently, Pulp 3 package installs were broken by a new version of DRF which necessitated a new release of pulpcore (RC4)[0]. Our releases are fragile and unstable because they don't pin versions of dependencies.

Instead, pin pulpcore's dependencies to specific y release versions and use dependabot¹ to notify us of new updates for pulpcore dependencies.

This was the outcome of a discussion on pulp-dev².

.. [0] https://www.redhat.com/archives/pulp-dev/2019-July/msg00076.html
.. [1] https://dependabot.com/
.. [2] https://www.redhat.com/archives/pulp-dev/2019-July/msg00088.html

Associated revisions

Revision 433775d9 View on GitHub
Added by daviddavis 6 months ago

Pinning dependencies and using dependabot to manage updates

fixes #5196
https://pulp.plan.io/issues/5196

History

#1 Updated by daviddavis 6 months ago

https://github.com/pulp/pulpcore/pull/239

#2 Updated by daviddavis 6 months ago

Description updated (diff)

#3 Updated by daviddavis 6 months ago

Status changed from POST to MODIFIED
% Done changed from 0 to 100

Applied in changeset pulpcore|433775d92b58dba939157c980489fb85df390a5e.

#4 Updated by bmbouter about 1 month ago

Sprint/Milestone set to 3.0.0

#5 Updated by bmbouter about 1 month ago

Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Please register to edit this issue

Send by e-mail

Also available in: Atom PDF

Project

Profile

Help

Pulp

Issues

Agile boards

Custom queries