diff options
author | David Robertson <davidr@element.io> | 2023-05-30 13:54:50 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-05-30 13:54:50 +0100 |
commit | 42786d8a477b6d44075b0e56949820331d9962d8 (patch) | |
tree | cdfb211728f780cd41f835abc007b3dc2974c840 /docs | |
parent | Bump types-bleach from 6.0.0.1 to 6.0.0.3 (#15686) (diff) | |
download | synapse-42786d8a477b6d44075b0e56949820331d9962d8.tar.xz |
Create dependabot changelogs at release time (#15481)
* Ditch dependabot changelog workflow * Summarise dependabot commits in release script * Changelog * Update scripts-dev/release.py
Diffstat (limited to 'docs')
-rw-r--r-- | docs/development/dependencies.md | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/docs/development/dependencies.md b/docs/development/dependencies.md index c4449c51f7..b5926d96ff 100644 --- a/docs/development/dependencies.md +++ b/docs/development/dependencies.md @@ -260,15 +260,17 @@ doesn't require poetry. (It's what we use in CI too). However, you could try ## ...handle a Dependabot pull request? -Synapse uses Dependabot to keep the `poetry.lock` file up-to-date. When it -creates a pull request a GitHub Action will run to automatically create a changelog -file. Ensure that: +Synapse uses Dependabot to keep the `poetry.lock` and `Cargo.lock` file +up-to-date with the latest releases of our dependencies. The changelog check is +omitted for Dependabot PRs; the release script will include them in the +changelog. + +When reviewing a dependabot PR, ensure that: * the lockfile changes look reasonable; * the upstream changelog file (linked in the description) doesn't include any breaking changes; -* continuous integration passes (due to permissions, the GitHub Actions run on - the changelog commit will fail, look at the initial commit of the pull request); +* continuous integration passes. In particular, any updates to the type hints (usually packages which start with `types-`) should be safe to merge if linting passes. |