ENH: Autobump should warn if dependencies change with version upgrade #42161
Comments
I dug a bit into where autobump lives, here are some pointers:
Auto mergify autobump PRs is potentially harmful given that autobump currently doesn't check for dependency changes
And there's yet another missed dependency example: #42200
@DrYak it shouldn't be too hard to detect dependency changes in autobump - this could be a fun feature to implement with quite high impact. I'd label it "Good first issue" to raise visibility but bioconda doesn't seem to have such a label (yet). [Edit: found "help wanted"] @dpryan79 have you got any thoughts on this as Bioconda boss? Is there any prior art? Has this been discussed before? Apparently @tsibley has thought about this in the past as well.
Some of that thinking is in nextstrain#1. Agreed that any auto-merging of auto-bumps without review is likely to cause issues due to the lack of support for dep updates.
Thanks @tsibley for the pointer! Even manual, that is non-auto-merging, is prone to cause issues (as it did in the snakemake case here) as reviewers are not told to check for dependency changes - and will usually just check for passing tests.
This feature request is motivated by the issues surrounding snakemake dropping support for Python 3.7 and 3.8 in patch release 7.30.2.
Autobump currently does not seem to identify changes in dependencies - it would be great if it did to prevent mismatch between the presumably correct pip dependencies and the downstream bioconda dependency specification.
As a stopgap, before this potentially complex feature is implemented, autobump should get a warning that before approving a PR, reviewers should manually check that dependencies are still correct. It's not enough to check for a build to succeed.
Motivated by the issue discussed in #42160 #42159 #42147
Maybe this issue should live where autobump lives, but I couldn't find the appropriate repo
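A sketch of the check requested above, added here as an illustration; it is not code from this issue or from Bioconda's autobump. It assumes the old and new upstream releases' metadata are already available as dicts with `requires_python` and `requires_dist` keys (a hypothetical shape); the sample values and all function names are constructed.

```python
import re

# Constructed sample metadata for two releases of a hypothetical package.
OLD = {"requires_python": ">=3.7",
       "requires_dist": ["requests>=2.0", "PyYAML", "toposort>=1.10"]}
NEW = {"requires_python": ">=3.9",
       "requires_dist": ["requests >= 2.28", "pyyaml", "humanfriendly"]}

_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")


def parse_requirements(lines):
    """Map normalized project name -> specifier text with whitespace removed."""
    reqs = {}
    for line in lines:
        m = _REQ.match(line)
        if not m:
            raise ValueError(f"unparseable requirement: {line!r}")
        # Treat '-', '_' and '.' as equivalent and ignore case, so that
        # 'PyYAML' and 'pyyaml' are not reported as a remove plus an add.
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
        reqs[name] = re.sub(r"\s+", "", m.group(2))
    return reqs


def dependency_changes(old, new):
    """List human-readable differences between two releases' dependencies."""
    findings = []
    if old["requires_python"] != new["requires_python"]:
        findings.append(
            f"python: {old['requires_python']} -> {new['requires_python']}")
    before = parse_requirements(old["requires_dist"])
    after = parse_requirements(new["requires_dist"])
    for name in sorted(before.keys() | after.keys()):
        if name not in after:
            findings.append(f"removed: {name}")
        elif name not in before:
            findings.append(f"added: {name}{after[name]}")
        elif before[name] != after[name]:
            findings.append(f"changed: {name} {before[name] or '(any)'}"
                            f" -> {after[name] or '(any)'}")
    return findings


def review_warning(old, new):
    """Text for a bump PR body; empty string when nothing changed."""
    changes = dependency_changes(old, new)
    if not changes:
        return ""
    header = "Upstream dependencies changed; check the recipe's requirements:"
    return "\n".join([header] + [f"- {c}" for c in changes])


if __name__ == "__main__":
    print(review_warning(OLD, NEW) or "No dependency changes detected.")
```

A passing build would not surface any of these differences, which is why the output is meant for the reviewer rather than for CI.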