Some roles now define PyPi dependencies to be installed in a rol variable/default. A downside of this is that we cannot keep dependencies up to date using Dependabot. So instead, we are always installing the latest version. This means we'll find out when a breaking change has occurred when a component fails to execute properly. A different patter could be:
- Define the dependencies for a role in a
requirements.txt
- Make sure the dependencies are pinned to a certain major version
- Add the requirements file to Depandabot
This way, when the dependency has received a major update, Dependabot will open a PR and CI will run automatically, allowing us to detect breaking changes.
Roles for which this is useful
- JupyterHub
- iBridges
- Custom Packages (repo2kernel)
- ...
Some roles now define PyPi dependencies to be installed in a rol variable/default. A downside of this is that we cannot keep dependencies up to date using Dependabot. So instead, we are always installing the latest version. This means we'll find out when a breaking change has occurred when a component fails to execute properly. A different patter could be:
requirements.txtThis way, when the dependency has received a major update, Dependabot will open a PR and CI will run automatically, allowing us to detect breaking changes.
Roles for which this is useful