-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ci(dependabot): enable auto poetry updates #463
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #463 +/- ##
==========================================
- Coverage 94.74% 94.73% -0.01%
==========================================
Files 57 57
Lines 3156 3155 -1
==========================================
- Hits 2990 2989 -1
Misses 166 166
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @gwaybio and @kenibrewer, addressing the questions below:
I don't have as much experience with this setting and will move forward with it as you mention. I'm cautious about this generally as I'd like to see isolated updates where possible to avoid dependency management chaos through the form of troubleshooting otherwise mysterious relationships when they're all combined in one spot. That said, I don't have any evidence this would happen here (just a feeling), so let's see how it goes with grouping!
Sounds good, let's move forward with monthly updates. |
Co-Authored-By: Ken Brewer <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Re grouping, I think the testing will hopefully catch any weirdness and let us investigate before getting merged. But if it causes problems we can definitely go back to individual PRS.
Thanks!
Thanks @kenibrewer ! Merging this in. |
Description
This PR focuses on long-term sustainability for this project by enabling Dependabot to automatically update the Poetry lockfile. Normally this is a task which must be performed manually. By enabling this change we can have Dependabot automatically update the dependency references (which still fall into the constraints of the
pyproject.toml
file).Thanks for any feedback!
What is the nature of your change?
Checklist
Please ensure that all boxes are checked before indicating that a pull request is ready for review.