Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run github cron workflow to update deps #238

Open
gerrymanoim opened this issue Sep 20, 2022 · 2 comments
Open

Run github cron workflow to update deps #238

gerrymanoim opened this issue Sep 20, 2022 · 2 comments
Labels
CI Continuous integration

Comments

@gerrymanoim
Copy link
Owner

Hi @gerrymanoim, I've just updated the dependencies in #227.

tbh, I'd question if employing dependabot to maintain the requirements files is worthwhile. # 227 updated 16 or so dependencies - if dependabot were to have managed it that would have been (I believe) 16 separate commits clogging up the commit history.

Manually updating the dependencies is a simple enough affair - just commit the changes from the following:

$ pip-compile --upgrade --output-file=etc/requirements.txt pyproject.toml
$ pip-compile --upgrade --extra=dev --output-file=etc/requirements_dev.txt pyproject.toml
$ pip-compile --upgrade --upgrade-package pandas==1.1 --extra=dev --output-file=etc/requirements_minpandas.txt pyproject.toml

Maybe just use dependabot for github actions and update the requirements manually once a month or so?

Perhaps it would even be possible to write a github actions workflow to run the above and raise a PR once a month with the resulting changes?

Originally posted by @maread99 in #217 (comment)
@maread99
Copy link
Collaborator

maread99 commented Oct 4, 2022
edited
Loading

I'm now thinking the ideal would be to do as above, although additionally have dependabot set up for just the requirements.txt dependencies (not the dev). I wouldn't suggest merging the PRs that dependabot raises (rely instead on the above), but setting up dependabot for just the main requirements gives an immediate heads up if a dependency upgrade has broken exchange_calendars (the tests for the dependabot PR will show as failing). Otherwise we could go a month without any reason to suspect that the package is broken.

@gerrymanoim, as I think you've mentioned before, looks like setting up dependabot for just the requirements.txt would necessitate having this file in a separate directory to the rest of the requirements. Perhaps move requirements.txt out of etc/ and into the root directory? EDIT that wouldn't work, requirements.txt would need to go in its own directory, with no directories under it, and the dependabot 'directory' config option would need to be set to this directory.

If were to change the location of requirements.txt then would need to revise all the workflows that look at it.

@maread99 maread99 mentioned this issue Oct 4, 2022
Open
4 tasks
@maread99 maread99 added the CI Continuous integration label Oct 23, 2022
@maread99 maread99 mentioned this issue Oct 23, 2022
Closed
@herebebeasties
Copy link

Note that dependabot now supports grouped updates by just dropping a config file into the repo - blog post - docs - example

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CI Continuous integration
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gerrymanoim @herebebeasties @maread99