fgregg
commented
6 months ago i think some CI for the cookie cutter is brilliant.
Open smcalilly opened 6 months ago
fgregg
commented
6 months ago i think some CI for the cookie cutter is brilliant.
hancush
commented
6 months ago I have used npm-check-updates for this exact task: https://www.npmjs.com/package/npm-check-updates
xmedr
commented
2 months ago The new github workflow was merged in and successfully upgraded dependencies this past Sunday!
The concern about dependencies breaking each other makes sense. And I do like the idea of tests to make sure things still run well with the upgrades, but what would that look like?
fgregg
commented
2 months ago as a one test, we could instantiate the cookie cutter instances and check that the main page loads?
Similar to dependabot with security updates, we could create a github action that upgrades python and javascript dependencies for the django cookiecutter. This would obsolete the manual, tedious process where we upgrade those dependencies whenever we notice they're old (which isn't the best method).
Here's one downside to this approach: what if the bot upgrades the dependencies and the changes break something in the cookiecutter? For example, IIRC, in the past a React upgrade broke how we render the react components and we had to upgrade React + change something in the cookiecutter. To address this problem, we can review the changes with a review app deployed to heroku (fully automated by gh actions!), and add some automated tests to ensure all parts of the cookiecutter app still works.
Are there any other downsides to this?