Consider removing poetry.lock from .gitignore

[annastuchlik]

This issue is opened to start a discussion per the developer's request in issue https://github.com/scylladb/scylladb/issues/12033.

While checking in lock files is a good practice, the proposed solution may impact, for example, running local previews. We may opt to leave the current solution, but it's worth discussing what options we have.

[dgarcia360]

We propose that each project commits its poetry.lock file to the repository, as recommended in https://python-poetry.org/docs/basic-usage/#committing-your-poetrylock-file-to-version-control

Why

1. Repeatable builds: Ensures consistent dependency versions across development and production.

2. Minimized risk of breakage: Locks dependencies to prevent issues from unexpected updates, as seen in https://github.com/scylladb/sphinx-scylladb-theme/pull/1157

Challenges & solutions

• Distribution flexibility vs. security: Committing the lock file limits automatic theme updates, favoring stability but reducing flexibility.

  Proposed solution: Enable Dependabot on each project to automate dependency updates, targetting our Sphinx packages (sphinx-scylladb, sphinx-scylladb-multiversion).

Next steps

• [x] Remove poetry.lock from make clean.
• [x] Remove poetry.lock form gitignore.
• [x] Set dependencies in pyproject.toml to install always latest minor
• [x] Create a sample dependabot scripts projects can copy and paste.
• [ ] Release new theme version.
• [ ] Post announcement in forum.
• [ ] Help projects to migrate to the latest version (PR per project).
• [ ] Distribute a new theme version.

[dgarcia360]

During the upgrade to 1.8, I noticed that we needed to remove the poetry update command from the make setup command to ensure that the dependencies defined in poetry.lock are used in production builds. I’ve applied this change to most of the upgrade PRs, except for the repositories that have already merged, for which I’ll send a fix:

• [x] sphinx-theme: https://github.com/scylladb/sphinx-scylladb-theme/pull/1235
• [x] scylladb: https://github.com/scylladb/scylladb/pull/20876
• [x] scylladb-docs-homepage: https://github.com/scylladb/scylladb-docs-homepage/pull/21
• [x] care-pet: https://github.com/scylladb/care-pet/pull/157
• [x] python-driver: https://github.com/scylladb/python-driver/pull/379
• [x] cpp-driver: https://github.com/scylladb/cpp-driver/pull/99
• [x] scylla-cloud-doc: https://github.com/scylladb/scylla-cloud-doc/pull/242