We discovered today that the 2.2.x branch has bit-rotted again and does not pass CI anymore (due to testing dependencies moving under us).
Looking for a volunteer to take the lead on making sure that 2.2.x stays healthy, managing any 2.2.x release we want to do before 2020, and keeping track of what things from master need to be pulled all the way back.
I suspect that this will take an hour per week average and is time-boxed to end on Jan 1, 2020.
On Mon, Jun 3, 2019 at 8:59 PM Thomas Caswell <[hidden email]> wrote:
> We discovered today that the 2.2.x branch has bit-rotted again and does not pass CI anymore (due to testing dependencies moving under us).
I'm not volunteering, but I highly recommend dependabot for handling
these things. Basically the way it works is:
- rename your existing blah-requirements.txt files to blah-requirements.in
- install pip-tools and run 'pip-compile blah-requrements.in' to
generate a fully-specified blah-requirements.txt
- enable the dependabot app on your repo
Now you're always testing against an exact known version, and when
your test dependencies make a new release, dependabot sends a PR to
update your requirements file – so in the cases where previously your
CI would have broken, now you get a PR with failing tests to alert you
to the problem, and in the mean time any other PRs keep using the old
version until you get things sorted out.
You can also configure dependabot to auto-merge its PRs if they pass
CI, so this doesn't necessarily create any extra human workload.