[Pulp-dev] Pinning dependencies in Pulp 3
Brian Bouterse
bbouters at redhat.com
Fri Jul 26 17:40:12 UTC 2019
+1. This brings increased stability to Pulp users, and keeps Pulp forward
compatible with all dependency releases. It's the best of both worlds and
automated!
On Fri, Jul 26, 2019 at 12:33 PM Dennis Kliban <dkliban at redhat.com> wrote:
> +1
>
> I really like that there is automation to help us update the deps. If the
> PR from dependabot passes CI, we can just merge. Otherwise we will file an
> issue.
>
> On Fri, Jul 26, 2019 at 11:38 AM David Davis <daviddavis at redhat.com>
> wrote:
>
>> Recently, Pulp 3 package installs were broken by a new version of DRF
>> which necessitated a new release of pulpcore (RC4)[0]. Our releases are
>> fragile and unstable because they don't pin versions of dependencies.
>>
>> I was thinking of a new strategy whereby we pin pulpcore's dependencies
>> to specific versions (either y or z releases) and we use something like
>> dependabot[1] to notify us of new updates for pulpcore dependencies. It
>> looks like it'll open new PRs when it detects a dependency is out of date.
>>
>> The one downside I do see is that dependabot PRs could be ignored.
>> However, I think the stability of our releases outweighs this potential
>> risk especially as we get closer to GA.
>>
>> Thoughts?
>>
>> [0] https://www.redhat.com/archives/pulp-dev/2019-July/msg00076.html
>> [1] https://dependabot.com/
>>
>> David
>> _______________________________________________
>> Pulp-dev mailing list
>> Pulp-dev at redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>
> _______________________________________________
> Pulp-dev mailing list
> Pulp-dev at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20190726/0f77e920/attachment.htm>
More information about the Pulp-dev
mailing list