Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pin dependencies, setup dependabot #179

Merged
merged 2 commits into from
Jan 13, 2025
Merged

Pin dependencies, setup dependabot #179

merged 2 commits into from
Jan 13, 2025

Conversation

jku
Copy link
Member

@jku jku commented Jan 13, 2025
edited
Loading

Purpose here is to make the test suite reproducible for action users (test suite dependency updates should not break workflows). At the moment I believe the action is broken for everyone except sigstore-python and the selftest here...

  • Pin dependencies by exact version
  • Setup dependabot: update once a month

Fixes #178, but I will file another issue about installing sigstore-python in a virtual env of its own

jku added 2 commits January 13, 2025 11:51
@jku
Pin requirements strictly
b45305a 
The purpose is to make it less likely that the test suite action breaks
suddenly.

Also upgrade all the dependencies to current versions (except protobufs
which apparently breaks the suite with newest version).

Signed-off-by: Jussi Kukkonen <[email protected]>
@jku
Add Dependabot config
aec105a 
* monthly updates
* python updates are not grouped: if we only update monthly they may
  actually sometimes break and in that case grouping is annoying

Signed-off-by: Jussi Kukkonen <[email protected]>
@jku jku mentioned this pull request Jan 13, 2025
Closed
@jku jku marked this pull request as draft January 13, 2025 10:55
@jku jku force-pushed the pin-dependencies branch from be65ece to aec105a Compare January 13, 2025 10:58
@jku jku marked this pull request as ready for review January 13, 2025 10:58
This was referenced Jan 13, 2025
Open
Merged
@jku jku requested a review from a team January 13, 2025 14:58
woodruffw
woodruffw approved these changes Jan 13, 2025
View reviewed changes
Copy link
Member

@woodruffw woodruffw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@woodruffw woodruffw merged commit 8c5fc39 into sigstore:main Jan 13, 2025
9 checks passed
@di
Copy link
Member

di commented Jan 13, 2025

Not high priority, but can we add requirements.in and hash-checking here as well?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@woodruffw woodruffw woodruffw approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Conformance tests failing after latest protobuf-specs python release
3 participants
@jku @di @woodruffw