-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve dependency updates #40
Conversation
The new workflow will be scheduled to run every Monday. Dependabot now only checks the Python dependencies for the development requirements (`requirements_dev.txt`), which needed to be moved to a separate folder for this to work (`/.dev`).
Add `hypercorn` as a direct dependency
Codecov Report
@@ Coverage Diff @@
## master #40 +/- ##
=======================================
Coverage 69.49% 69.49%
=======================================
Files 8 8
Lines 295 295
=======================================
Hits 205 205
Misses 90 90
Flags with carried forward coverage won't be shown. Click here to find out more. Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed a minor typo in a comment. Otherwise a very nice PR
Co-authored-by: Jesper Friis <jesper-friis@users.noreply.github.com>
Add a special workflow for updating
requirements.txt
.Dependabot does not update
requirements.txt
anymore then, but only the development requirements.In order to make this work, the
requirements_dev.txt
(development requirements) have been moved to a separate folder (/.dev
).All references to
requirements_dev.txt
have been updated accordingly (only used in CI/CD workflows and thedevelopment
target for Dockerfile).The new workflow checks out the
ci/dependabot-updates
branch, installs a set list of direct requirements (without versions), being eager in updating versions when installing, and then runspip freeze
to check against the currentrequirements.txt
file.If there are any changes, a PR against
ci/dependabot-updates
is created - similarly to what dependabot would otherwise do.The workflow is scheduled to run every Monday morning - similarly to when dependabot runs.
Closes #38