Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pin dependencies #103

Merged
merged 3 commits into from
Jan 5, 2024
Merged

Pin dependencies #103

merged 3 commits into from
Jan 5, 2024

Conversation

tsundvoll
Copy link
Contributor

No description provided.

@tsundvoll tsundvoll force-pushed the pin-dependencies branch 6 times, most recently from 8d868ee to 7f3310c Compare December 21, 2023 16:28
Copy link

@FuzzyReality FuzzyReality left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code itself looks good to me. I am wondering some about the purpose of snyk_check.yml (see the specific comment for details), and also how and whenrequiremnts.txt is to be updated (what will be the policy for updating it, should we do it as part of a workflow or perhaps pre-commit-hook?)

@tsundvoll
Copy link
Contributor Author

tsundvoll commented Jan 5, 2024

The code itself looks good to me. I am wondering some about the purpose of snyk_check.yml (see the specific comment for details), and also how and whenrequiremnts.txt is to be updated (what will be the policy for updating it, should we do it as part of a workflow or perhaps pre-commit-hook?)

Summary from discussion:

  • Pre-commit hook seems like a good idea.
  • In the future we can think about having some automated workflow that looks for updates on a regular basis. Useful for periods with little to no development (commits). One reason for having something like this (and for updating dependency versions regularly) is to avoid being too far behind when we eventually make the upgrade the dependency version. Another is that it will be easier to see when a dependency broke something.

We can take in this PR, and I will add the pre-commit hook later, since this setup provides some value already.

Copy link

@FuzzyReality FuzzyReality left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good job!

@tsundvoll tsundvoll merged commit cfe1369 into equinor:main Jan 5, 2024
5 checks passed
@tsundvoll tsundvoll deleted the pin-dependencies branch January 5, 2024 10:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants