summary refs log tree commit diff
path: root/docs
diff options
context:
space:
mode:
authorDavid Robertson <davidr@element.io>2023-05-30 13:54:50 +0100
committerGitHub <noreply@github.com>2023-05-30 13:54:50 +0100
commit42786d8a477b6d44075b0e56949820331d9962d8 (patch)
treecdfb211728f780cd41f835abc007b3dc2974c840 /docs
parentBump types-bleach from 6.0.0.1 to 6.0.0.3 (#15686) (diff)
downloadsynapse-42786d8a477b6d44075b0e56949820331d9962d8.tar.xz
Create dependabot changelogs at release time (#15481)
* Ditch dependabot changelog workflow

* Summarise dependabot commits in release script

* Changelog

* Update scripts-dev/release.py
Diffstat (limited to 'docs')
-rw-r--r--docs/development/dependencies.md12
1 files changed, 7 insertions, 5 deletions
diff --git a/docs/development/dependencies.md b/docs/development/dependencies.md
index c4449c51f7..b5926d96ff 100644
--- a/docs/development/dependencies.md
+++ b/docs/development/dependencies.md
@@ -260,15 +260,17 @@ doesn't require poetry. (It's what we use in CI too). However, you could try
 
 ## ...handle a Dependabot pull request?
 
-Synapse uses Dependabot to keep the `poetry.lock` file up-to-date. When it
-creates a pull request a GitHub Action will run to automatically create a changelog
-file. Ensure that:
+Synapse uses Dependabot to keep the `poetry.lock` and `Cargo.lock` file 
+up-to-date with the latest releases of our dependencies. The changelog check is
+omitted for Dependabot PRs; the release script will include them in the 
+changelog.
+
+When reviewing a dependabot PR, ensure that:
 
 * the lockfile changes look reasonable;
 * the upstream changelog file (linked in the description) doesn't include any
   breaking changes;
-* continuous integration passes (due to permissions, the GitHub Actions run on
-  the changelog commit will fail, look at the initial commit of the pull request);
+* continuous integration passes.
 
 In particular, any updates to the type hints (usually packages which start with `types-`)
 should be safe to merge if linting passes.