Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Document how to handle Dependabot pull requests. (#14916)
Browse files Browse the repository at this point in the history
  • Loading branch information
clokep committed Jan 25, 2023
1 parent 8a67ecb commit 339b7b3
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 0 deletions.
1 change: 1 addition & 0 deletions changelog.d/14916.misc
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Document how to handle Dependabot pull requests.
14 changes: 14 additions & 0 deletions docs/development/dependencies.md
Original file line number Diff line number Diff line change
Expand Up @@ -258,6 +258,20 @@ because [`build`](https://github.com/pypa/build) is a standardish tool which
doesn't require poetry. (It's what we use in CI too). However, you could try
`poetry build` too.

## ...handle a Dependabot pull request?

Synapse uses Dependabot to keep the `poetry.lock` file up-to-date. When it
creates a pull request a GitHub Action will run to automatically create a changelog
file. Ensure that:

* the lockfile changes look reasonable;
* the upstream changelog file (linked in the description) doesn't include any
breaking changes;
* continuous integration passes (due to permissions, the GitHub Actions run on
the changelog commit will fail, look at the initial commit of the pull request);

In particular, any updates to the type hints (usually packages which start with `types-`)
should be safe to merge if linting passes.

# Troubleshooting

Expand Down

0 comments on commit 339b7b3

Please sign in to comment.