[Buildbot] #3661: lock upstream dependencies and use service like pyup.io to update them
Buildbot trac
trac at buildbot.net
Sun Jan 15 21:32:51 UTC 2017
#3661: lock upstream dependencies and use service like pyup.io to update them
------------------------+-----------------------
Reporter: rutsky | Owner:
Type: enhancement | Status: new
Priority: major | Milestone: undecided
Version: | Keywords:
------------------------+-----------------------
Buildbot dependencies relatively often release new versions: new versions
of Twisted, Sphinx, pyflakes, etc.
Buildbot doesn't set upper bound most of dependencies versions, so when
new version of dependency arrives, it's immediately being used by Buildbot
CI.
The problem is that "immediately" means "with the next PR" and sometimes
perfectly correct PR fails with some strange (and unexpected to PR author
errors) due to some issue with new dependency version.
This problem is being solved in some other projects by:
1. Locking dependencies version in `requiremets.txt` (or `requiremets-
test.txt`, `requiremets-dev.txt`) and using them in CI.
2. Enabling and configuring https://pyup.io/ for !GitHub repository.
pyup.io tracks new releases on PyPI and submits pull request with updates
of dependencies to their current latest version.
In the PR it also prints nice changelog for updated dependency
([https://github.com/KeepSafe/aiohttp/pull/1522 example]).
With such pipeline latest dependencies for CI are being updated only in
PRs from pyup.io and only them should fail due to new version
incompabilities.
--
Ticket URL: <http://trac.buildbot.net/ticket/3661>
Buildbot <http://buildbot.net/>
Buildbot: build/test automation
More information about the bugs
mailing list