Project

Profile

Help

Task #5196

Pin dependencies to y releases and use dependabot to update them

Added by daviddavis 8 months ago. Updated 4 months ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Platform Release:
Blocks Release:
Backwards Incompatible:
No
Groomed:
No
Sprint Candidate:
No
Tags:
QA Contact:
Complexity:
Smash Test:
Verified:
No
Verification Required:
No
Sprint:

Description

Recently, Pulp 3 package installs were broken by a new version of DRF which necessitated a new release of pulpcore (RC4)[0]. Our releases are fragile and unstable because they don't pin versions of dependencies.

Instead, pin pulpcore's dependencies to specific y release versions and use dependabot[1] to notify us of new updates for pulpcore dependencies.

This was the outcome of a discussion on pulp-dev[2].

.. [0] https://www.redhat.com/archives/pulp-dev/2019-July/msg00076.html
.. [1] https://dependabot.com/
.. [2] https://www.redhat.com/archives/pulp-dev/2019-July/msg00088.html

Associated revisions

Revision 433775d9 View on GitHub
Added by daviddavis 8 months ago

Pinning dependencies and using dependabot to manage updates

fixes #5196 https://pulp.plan.io/issues/5196

History

#2 Updated by daviddavis 8 months ago

  • Description updated (diff)

#3 Updated by daviddavis 8 months ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

#4 Updated by bmbouter 4 months ago

  • Sprint/Milestone set to 3.0.0

#5 Updated by bmbouter 4 months ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Please register to edit this issue

Also available in: Atom PDF