Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regular Update for Dependencies #1857

Closed
13 tasks done
mjones-oddball opened this issue Jul 8, 2024 · 4 comments
Closed
13 tasks done

Regular Update for Dependencies #1857

mjones-oddball opened this issue Jul 8, 2024 · 4 comments
Assignees
@mchlwellman
Labels
Notify QA Tech Debt

Comments

@mjones-oddball
Copy link

mjones-oddball commented Jul 8, 2024
edited by cris-oddball
Loading

User Story - Business Need

We wish to keep dependencies up to date so we do not need such massive overhauls of our system. This is a recurring task to update all dependencies we are able to update. Any conflicts shall get a dedicated ticket. This task should be a day of work at most because it only updates non-breaking changes.

  • Ticket is understood and QA has been contacted

User Story

As VA Notify,
I want to keep our service up to date
So that we are secure and as free of bugs as possible.

Additional Info and Resources

  • Relevant section of README.md
  • Troubleshooting tips:
    • When looking at changes in poetry.lock, revert major changes, then minor, then patch/security: never edit this file manually!

Engineering Checklist

  • Review "Tech Debt" tickets in backlog to identify packages already known to have breaking changes (don't try to upgrade these)
    • pro-tip: these should be pinned down to a specific version in the pyproject.toml file
  • Review open Dependabot PRs to determine where the changes will take place (open them and look at the files touched).
    • Do not modify these PRs
  • Update performed per the README.md
  • Passes all tests locally
  • Passes QA Suite regression testing against Dev
  • If there are any failures, compare the poetry.lock in master against your local poetry.lock.
    • Identify the discrepancies and lock those versions in pyproject.toml, create a ticket, and label it "tech debt"
    • Any non-top level dependencies that have to be locked should have a comment added to pyproject.toml and have a checkbox to remove that dependency from pyproject.toml in the acceptance criteria
    • Created ticket has the package name in the title

Acceptance Criteria

Repo dependencies are updated and we have no broken functionality. Issues opened by Dependabot are resolved. Tickets with the "tech debt" label created for any updates we could, or should, not do.

QA Considerations

  • Affected Dependabot PRs are closed after merge (may need to rebase them using dependabot command)
  • Check to see if these updates cancel out any Twistlock issues
  • QA Regression tests pass after deploying this code.
@mjones-oddball
Copy link
Author

@cris-oddball just noting you wanted to update this ticket and template

@mchlwellman mchlwellman self-assigned this Jul 25, 2024
@mchlwellman
Copy link

The upgrade to protobuf failed, I've added a ticket.

@mchlwellman mchlwellman mentioned this issue Jul 26, 2024
Merged
22 tasks
EvanParish pushed a commit that referenced this issue Jul 26, 2024
@mchlwellman
#1857 Dependency Update
d3613ce
@cris-oddball
Copy link

PR approved and merged. Deploying to Perf.

@cris-oddball
Copy link

Everything deployed to Perf just fine, dependabot issues closed, twistlock exceptions removed, sending to Staging.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mchlwellman mchlwellman

Labels
Notify QA Tech Debt
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mchlwellman @mjones-oddball @cris-oddball