Project

Profile

Help

Task #5196

closed

Pin dependencies to y releases and use dependabot to update them

Added by daviddavis over 5 years ago. Updated almost 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

Recently, Pulp 3 package installs were broken by a new version of DRF which necessitated a new release of pulpcore (RC4)[0]. Our releases are fragile and unstable because they don't pin versions of dependencies.

Instead, pin pulpcore's dependencies to specific y release versions and use dependabot[1] to notify us of new updates for pulpcore dependencies.

This was the outcome of a discussion on pulp-dev[2].

.. [0] https://www.redhat.com/archives/pulp-dev/2019-July/msg00076.html
.. [1] https://dependabot.com/
.. [2] https://www.redhat.com/archives/pulp-dev/2019-July/msg00088.html

Actions #2

Updated by daviddavis over 5 years ago

  • Description updated (diff)

Added by daviddavis over 5 years ago

Revision 433775d9 | View on GitHub

Pinning dependencies and using dependabot to manage updates

fixes #5196 https://pulp.plan.io/issues/5196

Actions #3

Updated by daviddavis over 5 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100
Actions #4

Updated by bmbouter almost 5 years ago

  • Sprint/Milestone set to 3.0.0
Actions #5

Updated by bmbouter almost 5 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF