[Matplotlib-devel] Matplotlib 2.2.x caretaker

[Nathaniel Smith]

On Mon, Jun 3, 2019 at 8:59 PM Thomas Caswell <tcaswell at gmail.com> wrote:
>
> Folks,
>
> We discovered today that the 2.2.x branch has bit-rotted again and does not pass CI anymore (due to testing dependencies moving under us).

I'm not volunteering, but I highly recommend dependabot for handling
these things. Basically the way it works is:

- rename your existing blah-requirements.txt files to blah-requirements.in
- install pip-tools and run 'pip-compile blah-requrements.in' to
generate a fully-specified blah-requirements.txt
- enable the dependabot app on your repo

Now you're always testing against an exact known version, and when
your test dependencies make a new release, dependabot sends a PR to
update your requirements file – so in the cases where previously your
CI would have broken, now you get a PR with failing tests to alert you
to the problem, and in the mean time any other PRs keep using the old
version until you get things sorted out.

You can also configure dependabot to auto-merge its PRs if they pass
CI, so this doesn't necessarily create any extra human workload.

Getting it to send PRs to non-default branches is possible, but a
little non-obvious, the details are here:
https://github.com/dependabot/feedback/issues/463

-n

-- 
Nathaniel J. Smith -- https://vorpus.org