Add dependabot for dependency upgrades #763

@clintonsteiner (Collaborator) commented Oct 21, 2024

clintonsteiner self-assigned this Oct 21, 2024
akaihola self-requested a review October 22, 2024 19:58
akaihola added the enhancement (New feature or request) and CI labels Oct 22, 2024
akaihola added this to the Darker 3.1.0 milestone Oct 22, 2024

@akaihola (Owner)

Thanks @clintonsteiner!

So does dependabot work fine with packages which use setuptools and setup.cfg? I remember participating in the discussion of dependabot/dependabot-core#2133, but it might be that the issue concerns only the dependency graph feature on GitHub.

@akaihola (Owner) left a comment

Can we somehow test this before merging?

Also, a change log entry would be nice.

@clintonsteiner (Collaborator, Author)

https://github.com/clintonsteiner/darker/actions/runs/11605270324/job/32315372582
Testing in fork now appears to work, must enable in code security though

@clintonsteiner (Collaborator, Author) commented Oct 31, 2024

I'd like to get rid of the constraints-oldest and move to pyproject.toml

I was unable to make dependabot acknowledge both files and seems a pain to manage both

@akaihola (Owner) commented Nov 7, 2024

#767

> I'd like to get rid of the constraints-oldest and move to pyproject.toml
>
> I was unable to make dependabot acknowledge both files and seems a pain to manage both

I noticed you closed #767 – did you find a work-around?

I wanted to move away from setup.cfg as well, and uv nowadays provides --resolution=lowest, equivalent to what I've used constraints-oldest.txt for.

But: Due to missing raw HTML support on PyPI, we still depend on setup.py to strip the contributor table from README.rst in the distribution packages. This is the only reason we're still using setup.py and setup.cfg. I've been looking into different ways of solving this (e.g. configuring PyPI or GitHub to use a different file for the project front page), but haven't found an elegant solution yet.

clintonsteiner force-pushed the personal/csteiner/dependabotImplementation branch from aa80cc2 to 818d9b8 November 22, 2024 05:53
akaihola merged commit f31b3a2 into akaihola:master Nov 24, 2024
22 checks passed