diff --git a/doc/articles/contributing/guidelines/updating-dependencies.md b/doc/articles/contributing/guidelines/updating-dependencies.md new file mode 100644 index 000000000000..f007fb286d2f --- /dev/null +++ b/doc/articles/contributing/guidelines/updating-dependencies.md @@ -0,0 +1,66 @@ +# Guidelines for updating dependencies + +We use Dependabot to notify the team of any updates to dependencies. Once a week the robot will scan our dependencies and raise a pull-request if a new version is found. If an existing open pull-request is found for a dependency it will be closed and replaced with a new pull-request. The behaviour of the robot is [controlled by this configuration file](https://github.com/unoplatform/Uno/blob/master/.dependabot/config.yml). + +## internal dependencies + +These dependencies don't change the public API surface and are typically safe to merge and we could potentially [configure mergify to automatically merge them if CI passes](https://medium.com/mergify/merging-bots-pull-requests-automatically-548ed0b4a424): + +- BenchmarkDotNet +- [FluentAssertions](https://github.com/unoplatform/uno/pull/1196) +- [NUnit3TestAdapter](https://github.com/unoplatform/uno/pull/1455) +- [NUnit.Runners](https://github.com/unoplatform/uno/pull/1122) +- [Microsoft.AppCenter](https://github.com/unoplatform/uno/pull/1175) +- [Microsoft.SourceLink.GitHub](https://github.com/unoplatform/uno/pull/1204) +- [Microsoft.NET.Test.Sdk](https://github.com/unoplatform/uno/pull/1203) +- [MSTest.TestAdapter](https://github.com/unoplatform/uno/pull/1126) +- [MSTest.TestFramework](https://github.com/unoplatform/uno/pull/1128) +- Moq +- [Xamarin.Build.Download](https://github.com/unoplatform/uno/pull/1123) + +These dependencies require manual adjustments before merging: + +- [docfx.console](https://github.com/unoplatform/Uno/pull/1082/commits/c222caf8c23b35e19f6b33cd624cbfa714250bfe) +- `Microsoft.CodeAnalysis.*`. Those dependencies need to be aligned with the source generation task package, for which the dependency cannot be be explicitly provided. +- `Xamarin.GooglePlayServices.*`. Those dependencies are added per TargetFramework (Android SDK version), not updated. + +## public dependencies + +Updating these dependencies will require consumers to upgrade their dependencies and as such need consideration on a case by case basis is required before merging: + +- [System.Reactive](https://github.com/unoplatform/uno/pull/1170#pullrequestreview-256670600). Currently only used in the `WpfHost` which eventually will be deprecated. +- [Microsoft.TypeScript.*](https://github.com/unoplatform/uno/pull/1129) child packages needs to be aligned with the other `Microsoft.TypeScript.*` packages. + +## additional care required + +These dependancies require care and human testing: + +- [Com.Airbnb.Android.Lottie](https://github.com/unoplatform/uno/pull/1201#issuecomment-511499023). This dependency reduces the number of supported SDKs (monoandroid80 is not supported). This dependency will be updated once monoandroid80 support is dropped from Uno. +- [CommonServiceLocator](https://github.com/unoplatform/uno/pull/1174#issuecomment-507659717). This specific dependency needs to be removed from Uno. +- [cef.redist.x86](https://github.com/unoplatform/uno/pull/1173#issuecomment-507662267) needs to be kept in alignment with `CefSharp.Wpf` +- [CefSharp.Wpf](https://github.com/unoplatform/uno/pull/1173#issuecomment-507662267) needs to be kept in alignment with `cef.redist.x86` +- [Microsoft.CodeAnalysis.*](https://github.com/unoplatform/uno/pull/1169) children packages needs to be aligned with the other `Microsoft.CodeAnalysis` packages. +- [Microsoft.Build.*](https://github.com/unoplatform/uno/pull/1169) children packages needs to be aligned with the other `Microsoft.Build` packages, and need to be aligned with `Uno.SourceGenerationTasks` package features. +- [Microsoft.Extensions.Logging.*](https://github.com/unoplatform/uno/pull/1108/files#r300432589) child packages needs to be aligned with the other `Microsoft.Extensions.Logging` packages. Currently can't be upgraded because most recent versions are using thread, which are not supported on Wasm. +- [Microsoft.UI.Xaml](https://github.com/unoplatform/uno/pull/1503): This dependency is needs to be aligned with the currently supported API set found in Uno. + +These dependencies require care and human testing to confirm compatibility with webassembly: + +- [Microsoft.Extensions.Logging.Console](https://github.com/unoplatform/Uno/pull/894#issuecomment-495046929) + +These dependencies are updated manually as part of the release process: + +- Uno.SourceGenerationTasks +- Uno.Core + +## chatops + +You can trigger Dependabot actions by commenting on the pull-request: + +``` +@dependabot recreate will recreate this PR, overwriting any edits that have been made to it +@dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) +@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) +``` + +Please do not use any of the `rebase|merge|squash and merge` chatops commands as they bypass our merging pull-request guidelines and `ready-to-merge` workflow.