dora-metrics/pelorus

Pin Python dependencies

mateusoliveira43 opened this issue · 1 comments

Fix

It is not the first time a Python dependency updates and breaks our CI. This leads to investigation and wasted time. We should have all Python dependency versions pinned to avoid this.

We can use GitHub Dependabot to check for updates and run CI on them before accepting the update, as is done here.

Requirements

  • Pin all Python dependency versions
  • OPTIONAL Use Poetry
    • check that this does not break any step of the project (like creating exporter images)
  • OPTIONAL Use Dependabot to check for updates
  • leverage Dependabot for dep version updates
  • pin the full version of dep
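
One way to enforce the "pin the full version" requirement in CI, as an added example that is not part of the original issue or the project's code. It assumes a pip-style requirements file and reads "full version" as an `==` pin with at least major.minor.patch; the function name and the sample file contents are constructed for illustration.

```python
import re

# Constructed sample input (not the project's real requirements file).
SAMPLE_REQUIREMENTS = """\
# exporter dependencies (constructed sample)
requests==2.31.0
pytz>=2023.3
kubernetes==26.1
PyYAML
jira[async]==3.5.2 ; python_version >= "3.9"
-r requirements-dev.txt
attrs==23.*
"""

# Assumption: a "full" pin is name[extras]==X.Y.Z with an optional suffix.
PINNED = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]*"   # distribution name
    r"(\[[A-Za-z0-9._,\s-]+\])?"     # optional extras, e.g. [async]
    r"\s*==\s*\d+(\.\d+){2,}"        # exact pin, at least major.minor.patch
    r"[a-z0-9.+!-]*$"                # optional rc/post/dev/local suffix, no wildcard
)


def unpinned(requirements_text):
    """Return (line_number, line) for each requirement not fully pinned."""
    findings = []
    for number, raw in enumerate(requirements_text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].strip()      # drop inline comments
        if not line or line.startswith("#"):
            continue
        if line.startswith("-"):
            # pip options (-r, -c, --index-url): run the check on any
            # included file separately
            continue
        spec = line.split(";", 1)[0].strip()      # ignore environment markers
        if not PINNED.match(spec):
            findings.append((number, raw.strip()))
    return findings


if __name__ == "__main__":
    problems = unpinned(SAMPLE_REQUIREMENTS)
    for number, line in problems:
        print(f"line {number}: not pinned to a full version: {line}")
    raise SystemExit(1 if problems else 0)   # non-zero exit fails the CI job
```

Ranges (`>=`), bare names, partial versions (`26.1`) and wildcards (`23.*`) are all reported, since each lets the resolver pick a release that CI has not tested.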