Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adjust requirements file and dependabot versioning strategy #1978

Merged
merged 5 commits into from
Jul 17, 2024
Merged

Adjust requirements file and dependabot versioning strategy #1978

merged 5 commits into from
Jul 17, 2024

Conversation

ravi-kumar-pilla
Copy link
Contributor

@ravi-kumar-pilla ravi-kumar-pilla commented Jul 11, 2024
edited
Loading

Description

Resolves #1967

Development notes

  • Following the doc mentioned here , the dependabot versioning-strategy widen would include both the new and old versions when possible, allowing users the flexiblility to install Kedro-Viz. Unfortunately, the pip ecosystem does not support widen. We will use auto (which is widen for libraries)
  • Relaxed the allowed versions in requirements.txt file to have a range with upper-bound corresponding to a major release of the package (which corresponds to a non-backward compatible change, hence needs more attention when upgrading).

QA notes

  • No change in the app behavior
  • All tests should pass
  • Try installing Kedro-Viz and prefect>=3.0.0rc10. This should not raise any issues as mentioned in Relax dependabot strategy #1967 . Note that there is an issue with watchgod not having support for anyio >= 4 and prefect >=3.0.0rc10 requires anyio >= 4. There is an open discussion in watchgod.

Checklist

  • Read the contributing guidelines
  • Opened this PR as a 'Draft Pull Request' if it is work-in-progress
  • Updated the documentation to reflect the code changes
  • Added new entries to the RELEASE.md file
  • Added tests to cover my changes

@astrojuanlu
Copy link
Member

This might be bad docs though:

The service currently does not accept that users configure the widen strategy in their configuration file.

However, we do have widen support in Python, since it's the default strategy used for libraries.

dependabot/dependabot-core#6630

So auto + pyproject.toml = widen.

We might see progress on this soon though? dependabot/dependabot-core#6630 (comment)

The alternative is to merge #1766 and then migrate the dependencies to pyproject.toml. But probably that has implications for CI etc.

@ravi-kumar-pilla
Copy link
Contributor Author

So auto + pyproject.toml = widen.

Interesting ! Thanks for that

The alternative is to merge #1766 and then migrate the dependencies to pyproject.toml. But probably that has implications for CI etc.

For this sprint, shall we merge #1766 and this PR having the dependabot versioning-strategy as auto with some changes to requirements.txt. I will open a separate ticket to deal with migrating requirements.txt completely to pyproject.toml ? @astrojuanlu

Thank you

@astrojuanlu
Copy link
Member

Sounds good!

@ravi-kumar-pilla ravi-kumar-pilla marked this pull request as ready for review July 11, 2024 19:55
@ravi-kumar-pilla ravi-kumar-pilla mentioned this pull request Jul 11, 2024
Open
1 task
@ravi-kumar-pilla ravi-kumar-pilla changed the title Adjust requirements.txt and dependabot versioning strategy Adjust requirements file and dependabot versioning strategy Jul 11, 2024
@ravi-kumar-pilla ravi-kumar-pilla merged commit 2c19f47 into main Jul 17, 2024
26 checks passed
@ravi-kumar-pilla ravi-kumar-pilla deleted the chore/relax-deps branch July 17, 2024 16:13
@SajidAlamQB SajidAlamQB mentioned this pull request Jul 25, 2024
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@astrojuanlu astrojuanlu astrojuanlu approved these changes

@rashidakanchwala rashidakanchwala rashidakanchwala approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Relax dependabot strategy
3 participants
@ravi-kumar-pilla @astrojuanlu @rashidakanchwala