csingley
commented
1 year ago What's the pitch here? Not sure I necessarily see the point in auto-updating dev dependencies as opposed to lib dependencies
Closed gliptak closed 1 year ago
csingley
commented
1 year ago What's the pitch here? Not sure I necessarily see the point in auto-updating dev dependencies as opposed to lib dependencies
gliptak
commented
1 year ago Renovate will keep various dependencies updated (Python, GHA, etc.)
You could commit to see the behavior and revert/delete if doesn't work out
csingley
commented
1 year ago Can you give a concrete example, for us slow kids sitting in the back of the class? For example, how would Renovate have eased your work pushing your recent series of diffs?
I don't mean to be difficult - if you want to bring this lib up to date, then strength to your arm! I'm just not entirely getting how Renovate would help with these dependencies. I mean ISTM that what is actually needed here is version pinning for mypy and black, which would then get rolled forward manually as part of the release cycle.... which is the very opposite of the workflow I see here. Automatic version updates is exactly what causes the breakage, as those tools get progressively stricter.
What am I missing here?
gliptak
commented
1 year ago no worries. whatever fits your workflow
here are example PRs submitted by Renovate (YMMV)
https://github.com/gliptak/aws-cdk-python/pulls?q=is%3Apr+renovate+is%3Aclosed
https://github.com/search?q=mend+renovate+job+log+update&type=pullrequests&s=created&o=desc
csingley
commented
1 year ago Yeah I don't think this makes a lot of sense for requirements-development.txt. ofxtools testing depends on:
Python version rarely changes; automation doesn't buy you out of much toil. Updating the test suite, including integration testing for the other dependencies, isn't really feasible to automate.
Black & mypy do frequently update, but that just causes breakage and/or an ongoing code maintenance burden that is totally unwelcome for what's close to a mature end-stage piece of software. I do like stricter conformance, especially in the type hinting... but not enough to chain myself to that wheel; life is too short. The functional benefit to actual binaries running on people's CPUs, and better run outcomes, seems unclear.
I'll pin the versions of black & mypy, which will relieve us from pointless churn until we're ready to take it on.
I use tooling along the lines of Renovate in other projects to auto-update library/app dependencies... this is a great workflow for infrastructure/app deployment to production, in particular... but for ofxtools, I keeps it old school. Don't need to update dependencies if there aren't any dependencies.
https://github.com/marketplace/renovate