Document how to handle Dependabot pull requests. (#14916)

This commit is contained in:
Patrick Cloke 2023-01-25 14:49:37 -05:00 committed by GitHub
parent 836c592f15
commit 8bc5d1406c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 0 deletions

1
changelog.d/14916.misc Normal file
View File

@ -0,0 +1 @@
Document how to handle Dependabot pull requests.

View File

@ -258,6 +258,20 @@ because [`build`](https://github.com/pypa/build) is a standardish tool which
doesn't require poetry. (It's what we use in CI too). However, you could try doesn't require poetry. (It's what we use in CI too). However, you could try
`poetry build` too. `poetry build` too.
## ...handle a Dependabot pull request?
Synapse uses Dependabot to keep the `poetry.lock` file up-to-date. When it
creates a pull request a GitHub Action will run to automatically create a changelog
file. Ensure that:
* the lockfile changes look reasonable;
* the upstream changelog file (linked in the description) doesn't include any
breaking changes;
* continuous integration passes (due to permissions, the GitHub Actions run on
the changelog commit will fail, look at the initial commit of the pull request);
In particular, any updates to the type hints (usually packages which start with `types-`)
should be safe to merge if linting passes.
# Troubleshooting # Troubleshooting