All notable changes to mobu will be documented in this file.
Versioning follows semver.
Dependencies are updated to the latest available version during each release. Those changes are not noted here explicitly.
Pin Pydantic to version 1.x for now. neophile will require changes to work properly with Pydantic 2.x, which will be done after Safir adds support for it.
NEOPHILE_COMMIT_NAMEenvironment variable is no longer supported. Instead,
NEOPHILE_USERNAMEconfigures the GitHub username of the running instantiation of neophile, used as both the name for Git commits and to construct the email address unless
neophile-square[bot], the instantiation of neophile for the lsst-sqre organization.
NEOPHILE_COMMIT_EMAILis now optional. If not set, the UID of the GitHub user from
NEOPHILE_USERNAMEis retrieved from the GitHub API and used to form a standard GitHub no-replay email address.
Use the GitHub App installation token when pushing Git changes in preparation for creating a PR rather than using the default GitHub Actions token. If the branch was pushed with the GitHub Actions token, further GitHub Actions refuse to run on that branch to avoid creating a loop, but we need GitHub Actions to run so that the dependency update PR can be automerged.
neophile is now intended to be run either via GitHub Actions or on a local checkout, and never as a Kubernetes service. The
neophile processcommand, the configuration specific to that command (work area, lists of repositories), and support for running inside a virtualenv have been removed.
When creating PRs, neophile now must be configured as a GitHub App with a suitable application ID and private key in environment variables.
neophile no longer provides Docker images and instead is now a conventional Python package installable from PyPI.
Support for Helm and Kustomize dependency checking and updating has been removed, along with the configuration options for Helm chart caching and version patterns in Helm charts. Mend Renovate and Dependabot support Helm and Kustomize dependency checking with more features, and we haven’t used this support in several years.
Add a new
neophile updatecommand that updates known dependencies in the provided tree and (if the
--prflag is given) creates a GitHub pull request. This replaces the
When creating PRs, neophile no longer embeds the GitHub username and token in the remote URL. It instead uses the existing
originremote and assumes Git operations are already authenticated.
Name and email address are now used only for Git commits, so the names of the environment variables to set them have changed accordingly to
Add a new
neophile checkcommand that checks to see if all dependencies are up-to-date and exits with a non-zero status and messages to standard error if they are not. This is intended for use as a GitHub Actions check.
The types of dependencies to analyze may now be specified as command-line arguments to
neophile analyze(and the new
neophile updatecommands). The default continues to be to analyze all known dependencies.
neophile analyzenow prints nothing if no pending updates were found, and omits dependency types with no pending updates from its output.
Drop support for Python 3.10.
packaging.versionhas dropped support for arbitrary legacy version numbers, so neophile also no longer supports them.
Drop support for Python 3.9.
Fix type of
pullRequestIdwhen enabling auto-merge.
Fix enabling of auto-merge after creating a new PR.
Warn of errors if auto-merge could not be enabled but do not fail.
Attempt to set auto-merge on pull requests after they’re created. Failure to do so is silently ignored.
BadRequesterrors from a GitHub repository inventory request.
Support updating pull requests for the
mainbranch instead of
masterif it is present.
Use the repository default branch to construct and query for PRs. This works properly with newer or converted GitHub repositories that use
masteras the default branch.
Update pinned dependencies.
Require Python 3.9.
Add support for full GitHub URLs in Kustomize external references.
Add libpq-dev to the Docker image so that dependency updates work properly with packages using psycopg2.
The initial release of neophile. Supports
analyze to run on a single repository and
process to process multiple configured repositories. This release supports frozen Python dependencies, pre-commit hooks, Helm charts, and Kustomize external references. Only GitHub is supported for pre-commit hooks and Kustomize external references.