|
| 1 | +# Maintainer guide |
| 2 | + |
| 3 | +This document is intended for maintainers of the template. |
| 4 | + |
| 5 | +## Automated updates |
| 6 | + |
| 7 | +We use 2 separate services to keep our dependencies up-to-date: |
| 8 | + |
| 9 | +- Dependabot, which manages updates of Python deps of the template, GitHub actions, npm packages and Docker images. |
| 10 | +- PyUp, which manages the Python deps for the generated project. |
| 11 | + |
| 12 | +We don't use Dependabot for the generated project deps because our requirements files are templated, and Dependabot fails to parse them. PyUp is -AFAIK- the only service out there that supports having Jinja tags in the requirements file. |
| 13 | + |
| 14 | +Updates for the template should be labelled as `project infrastructure` while the ones about the generated project should be labelled as `update`. This is use to work in conjunction with our changelog script (see later). |
| 15 | + |
| 16 | +## Automation scripts |
| 17 | + |
| 18 | +We have a few workflows which have been automated over time. They usually run using GitHub actions and might need a few small manual actions to work nicely. Some have a few limitations which we should document here. |
| 19 | + |
| 20 | +### CI |
| 21 | + |
| 22 | +`ci.yml` |
| 23 | + |
| 24 | +The CI workflow tries to cover 2 main aspects of the template: |
| 25 | + |
| 26 | +- Check all combinations to make sure that valid files are generated with no major linting issues. Issues which are fixed by an auto-formatter after generation aren't considered major, and only aim for best effort. This is under the `test` job. |
| 27 | +- Run more in-depth tests on a few combinations, by installing dependencies, running type checker and the test suite of the generated project. We try to cover docker (`docker` job) and non-docker (`bare` job) setups. |
| 28 | + |
| 29 | +We also run the deployment checks, but we don't do much more beyond that for testing the production setup. |
| 30 | + |
| 31 | +### Django issue checker |
| 32 | + |
| 33 | +`django-issue-checker.yml` |
| 34 | + |
| 35 | +This workflow runs daily, on schedule, and checks if there is a new major version of Django (not in the pure SemVer sense) released that we are not running, and list our dependencies compatibility. |
| 36 | + |
| 37 | +For example, at time of writing, we use Django 4.2, but the latest version of Django is 5.0, so the workflow created a ["Django 5.0" issue](https://github.com/cookiecutter/cookiecutter-django/issues/4724) in GitHub, with a compatibility table and keeps it up to date every day. |
| 38 | + |
| 39 | +#### Limitations |
| 40 | + |
| 41 | +Here are a few current and past limitations of the script |
| 42 | + |
| 43 | +- When a new dependency is added to the template, the script fails to update an existing issue |
| 44 | +- Not sure what happens when a deps is removed |
| 45 | +- ~~Unable to parse classifiers without minor version~~ |
| 46 | +- ~~Creates an issue even if we are on the latest version~~ |
| 47 | + |
| 48 | +### Issue manager |
| 49 | + |
| 50 | +`issue-manager.yml` |
| 51 | + |
| 52 | +A workflow that uses [Sebastian Ramirez' issue-manager](https://github.com/tiangolo/issue-manager) to help us automate issue management. The tag line from the repo explains it well: |
| 53 | + |
| 54 | +> Automatically close issues or Pull Requests that have a label, after a custom delay, if no one replies back. |
| 55 | +
|
| 56 | +It runs on a schedule as well as when some actions are taken on issues and pull requests. |
| 57 | + |
| 58 | +We wait 10 days before closing issues, and we have a few customised reasons, which are configured in the workflow itself. The config should be fairly self-explanatory. |
| 59 | + |
| 60 | +### Pre-commit auto-update |
| 61 | + |
| 62 | +`pre-commit-autoupdate.yml` |
| 63 | + |
| 64 | +Run daily, to do `pre-commit autoupdate` on the template as well as the generated project, and opens a pull request with the changes. |
| 65 | + |
| 66 | +#### Limitations |
| 67 | + |
| 68 | +- The PR is open as GitHub action which means that CI does NOT run. The documentation for create-pull-request action [explains why](https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs). |
| 69 | +- Some hooks are also installed as local dependencies (via `requirements/local.txt`), but these are updated separately via PyUP. |
| 70 | + |
| 71 | +### Update changelog |
| 72 | + |
| 73 | +`update-changelog.yml` |
| 74 | + |
| 75 | +Run daily at 2AM to update our changelog and create a GitHub release. This runs a custom script which: |
| 76 | + |
| 77 | +- List all pull requests merged the day before |
| 78 | +- The release name is calendar based, so `YYYY.MM.DD` |
| 79 | +- For each PR: |
| 80 | + - Get the PR title to summarize the change |
| 81 | + - Look at the PR labels to classify it in a section of the release notes: |
| 82 | + - anything labelled `project infrastructure` is excluded |
| 83 | + - label `update` goes in section "Updated" |
| 84 | + - label `bug` goes in section "Fixed" |
| 85 | + - label `docs` goes in section "Documentation" |
| 86 | + - Default to section "Changed" |
| 87 | + |
| 88 | +With that in mind, when merging changes, it's a good idea to set the labels and rename the PR title to give a good summary of the change, in the context of the changelog. |
| 89 | + |
| 90 | +#### Limitations |
| 91 | + |
| 92 | +- Dependabot updates for npm & Docker have a verbose title, try to rename them to be more readable: `Bump webpack-dev-server from 4.15.1 to 5.0.2 in /{{cookiecutter.project_slug}}` -> `Bump webpack-dev-server to 5.0.2` |
| 93 | +- ~~Dependencies updates for the template repo (tox, cookiecutter, etc...) don't need to appear in changelog, and need to be labelled as `project infrastructure` manually. By default, they come from PyUp labelled as `update`.~~ |
| 94 | + |
| 95 | +### Update contributors |
| 96 | + |
| 97 | +`update-contributors.yml` |
| 98 | + |
| 99 | +Runs on each push to master branch. List the 5 most recently merged pull requests and extract their author. If any of the authors is a new one, updates the `.github/contributors.json`, regenerate the `CONTRIBUTORS.md` from it, and push back the changes to master. |
| 100 | + |
| 101 | +#### Limitations |
| 102 | + |
| 103 | +- If you merge a pull request from a new contributor, and merge another one right after, the push to master will fail as the remote will be out of date. |
| 104 | +- If you merge more than 5 pull requests in a row like this, the new contributor might fail to be added. |
0 commit comments