Update Dependabot for python virtual envs #2322
Conversation
* Simplify virtualenv installation to use multiple requirements files in a single directory. This eliminates the packages.txt file and provides an easier path to adding new tools in the future. It also allows us to simplify the dependenabot configuration as all requirements files are in a single directory. * Update dependabot.yml to point to the new Python dependencies folder.
jalaziz
requested review from
admiralAwkbar,
ferrarimarco,
GaboFDC,
Hanse00,
lindluni,
nemchik and
zkoppert
as code owners
|
@lindluni I did some testing with Dependabot and it seems like Dependabot is not smart enough to handle conflicting dependencies (seems like it expects a build failure to catch that), but it is smart enough to handle multiple files in the same directory. What this gets us is a slightly simplified Dependabot configuration. Since it recognizes any The only downside I can see here is it may eagerly update dependencies with versions that don't meet the transitive requirements, but that would fail on installation (which should fail the PR checks). We'd then have to update each the requirements independently if we want to unblock an upgrade, but the tradeoff seems worth it for fewer Dependabot PRs and config entries. |
|
@lindluni Any issues? |
|
LGTM: I see now, dependabot doesn't support recursive wildcards for the directory to scan 😢 |
Yeah, sorry, I could've clarified that more on the original PR. One of the more annoying dependabot limitations. |
Proposed Changes
a single directory. This eliminates the packages.txt file and provides
an easier path to adding new tools in the future. It also allows us to
simplify the dependenabot configuration as all requirements files are
in a single directory.
Readiness Checklist
Author/Contributor
Reviewing Maintainer
breakingif this is a large fundamental changeautomation,bug,documentation,enhancement,infrastructure, orperformance